Smart Grid Cybersecurity Committee
July 28, 2017
2017 Technical Program
Smart Grid Cybersecurity Committee (SGCC)
Working Group Meeting
GridSummit.org
Antitrust Guidelines for SEPA Meetings & Conferences
• SEPA'S MISSION – is to facilitate the utility industry's smart transition to a clean energy future through education, research, standards, and collaboration.
• YOUR ROLE AT SEPA MEETINGS AND CONFERENCES – varies based on what you are attending, but could include sharing information with and learning from peers, potential partners, and industry experts and/or to provide guidance to SEPA on its activities. Consult with your company counsel if at any time you believe discussions are touching on sensitive antitrust subjects such as pricing, bids, allocation of customers or territories, boycotts, tying arrangements and the like.
• DO NOT DISCUSS – pricing, price terms, such as, for example, discount and credit policies, promotions, or product category pricing levels and industry pricing levels, production capacity, or cost information which is not publicly available; confidential market strategies or business plans; or other competitively sensitive information. Do not disparage suppliers and/or competitors of SEPA and/or SEPA Members and participants.
• BE ACCURATE, OBJECTIVE, AND FACTUAL – in any discussions of goods and services offered in the market by others, including your competitors, suppliers, and customers.
• SEPA DOES NOT RECOMMEND – the use of particular vendors, contractors or consultants. SEPA will not promote or endorse commercial products or services of third parties. You must draw your own conclusions and make your own choices independently.
• DO NOT AGREE WITH OTHERS – to discriminate against or refuse to deal with (i.e., "boycott") a supplier; or to do business only on certain terms and conditions; or to set price, divide markets, or allocate customers.
• PLEASE BE AWARE – that an agreement regarding price need not relate to a specific price, but may relate to levels, discounts policy, allowance policy, and other terms affecting price levels or movements and may be inferred from a discussion and ensuing conduct.
• DO NOT TRY TO INFLUENCE – or advise others on their business decisions, and do not discuss yours (except to the extent that they are already public).
• ASK – for advice from your own legal department, if you have questions about any aspect of these guidelines or about a particular situation or activity at SEPA; or ask the responsible SEPA manager to contact SEPA's Legal Counsel.
The antitrust laws and other business laws apply to SEPA, its members, funders, and advisers; violations can lead to civil and criminal liability. SEPA is committed to full compliance, as well as to maintaining the highest ethical standards in all of our operations and activities.
These guidelines apply to all occasions: before, during, and after SEPA meetings and conferences, including in the hallways, over lunch, cocktails and at dinner.
Agenda
• SGCC Cyber-Physical Resiliency Subgroup Presentation
  • Chair: Dr. Elizabeth Sisley, Calm Sunrise Consulting, LLC
  • Vice Chair: Dr. Michael Cohen, MITRE Corp.
• OpenFMB™ Cybersecurity
  • Aaron Smallwood, Director – Technology, SEPA
• Working Group Updates
• SGCC Leadership
  • Nelson Hastings
• Presentation: Public Key Infrastructure (PKI)
  • PKI: All the Facts You Wanted to Know and Were Afraid to Ask
  • Presentation by William T. Polk, Group Manager for Cryptographic Technology Group, National Institute of Standards and Technology (NIST)
Cyber-Physical Resiliency
Chair: Dr. Elizabeth Sisley
Vice-Chair: Dr. Michael Cohen
Cyber-Physical Resiliency
Why SGCC (Smart Grid Cybersecurity Committee) and GAWG (Grid Architecture Working Group) both Sponsor Resiliency
• The Smart Grid needs not only sound architecture for functionality and cybersecurity for security, but also resilience to satisfy its high operational availability requirements.
• There are existing best practices and tools (and an opportunity to identify any gaps), that could be more widely used across system(s) lifecycle, to address the need for Cyber-Physical Resiliency.
[Figure: three overlapping areas, Architecture/Engineering, Cybersecurity, and Cyber-Physical Resiliency]
What Problem Do We Have?
• Takeaway: The electric system is, for better or worse, of such size and complexity of stakeholders, decision-makers, and changing technologies that it will not stand still to be designed like a single system-of-systems, nor will there be a person or group of people charged with designing it as such.
• Resilience implies adaptability to change and improvement.
• It must also continue to operate in providing electricity while under stress, attack, and upgrade.
  E.g., continue to deliver electricity while a sophisticated adversary is inside the system.
Resiliency Definitions
The term "resilience" means the ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions. Resilience includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents.
Traditionally this is Architecture/Engineering
The terms "secure" and "security" refer to reducing the risk to critical infrastructure by physical means or defensive cyber measures to intrusions, attacks, or the effects of natural or manmade disasters.
Traditionally this is Cybersecurity
Both Architecture/Engineering and Security are Necessary
Source: Presidential Policy Directive 21 – Critical Infrastructure Security and Resilience
Deliverables
• Phase 1 (launched Sept 29th):
  • Catalog/Repository
  • Identify Published Best Practices
  • Inclusion Criteria
    • Architecture/Engineering
    • Cybersecurity
  • Exclusion Criteria
  • Webinar March 21st: registered 207, attended 95
  • Will publish via SEPA process
• Phase 2 (just launching):
  • Task 1: Identification of Smart Grid Resiliency Gaps
  • Task 2: Prepare Resiliency Gap Filler Supplement to NISTIR 7628 Rev.1
(Red text in the original slide marks updates from Tuesday's Grid Architecture Working Group)
Inclusion Criteria: Lifecycle
• Focuses on resilience that is designed and engineered into the Cyber-Physical System (CPS) itself
• Designs the CPS to use evolving technologies, such as predictive self-healing, to allow systems to automatically fix themselves
• Designs the CPS to gracefully shut down, and implement fault tolerance mechanisms
• Designs the CPS to operate in degraded or alternative modes of operation, and to recover
• Lessens the reliance of the CPS on external dependencies or mitigates the impacts of the loss of those dependencies
Architecture/Engineering: Inclusion Criteria
• Describes employment of all resilience strategies during CPS design and operations such as:
  • Eliminating single points of failure and designing for fault tolerance
  • Utilizing redundancy and diversity/heterogeneity
  • Includes the use of analog or manual backups
  • Design for graceful degradation
Cybersecurity: Inclusion Criteria
• Describes employment of all resilience strategies during CPS design and operations such as:
  • NIST Framework functions: Identify, Protect, Detect, Respond, and Recover
  • Anticipate, continue to operate correctly in the face of, recover from, and evolve to better adapt to advanced cyber threats
  • Malware and forensic analysis
  • Technical defense-in-depth
  • Dynamic threat modeling
Exclusion Criteria
• Focuses exclusively on traditional IT Cybersecurity, addressed by e.g. NIST SP 800-53 Rev 4, etc.
• Focuses exclusively on traditional physical security external to the system, e.g., guns, gates, and guards
• Focuses on IT supply chain risk management, addressed by e.g. NIST SP 800-161, NERC CIP-013, etc.
• Focuses on external (to the CPS) organizational continuity of operations/disaster recovery processes and procedures.
  Reference them as related processes, such as Disaster Recovery Institute Best Practices, NIST SP 800-34, enterprise risk management manuals SP 800-30, -35 & -37, etc.
20+ List of Candidate Best Practices
• Systems Engineering – INCOSE.org worldwide education: BS, MS, Ph.D.
• Systems Security Engineering An Integrated Approach to Building Trustworthy Resilient Systems
• Cyber-Physical Systems Framework
• NISTIR 7628 Rev 1
• Cyber Resiliency Engineering Aid-The Updated Cyber Resiliency Engineering Framework and Guidance on Applying Cyber Resiliency Techniques
• CREDC: Cyber Resilient Energy Delivery Consortium
• IIC Security Framework
• Named Data Networking (NDN) and its applicability to critical and challenged networks
• MITRE-Developed Cyber Security and Resiliency Assessment Tools
• Intelligence Preparation for Operational Resilience (IPOR)
• CERT® Resilience Management Model (RMM) v1.1: Code of Practice Crosswalk
• CRR NIST Framework Crosswalk Cross-reference chart for how the NIST Cybersecurity Framework aligns to the Cyber Resilience Review (CRR)
• IEC TC57 WG15 - IEC 62351-12 Resilience and security for power systems with Distributed Energy Resources (DER)
• Stanford Seminar - Engineering Cyber Resiliency: A Pragmatic Approach - (references to power grid & tool)
• Cybersecurity Procurement Language for Energy Delivery Systems
• And more!
Catalog/Repository
Attributes
1. Item Name (short)
2. Item Full Title
3. URL
4. Linked to Industry Standards
5. Content Owner
6. Education: webinars, training/classes, degrees, etc.
7. Applicability to What Grid Domains
8. Classify as Specify, Design, Build (Re-Engineer), Operate
9. Short Description
10. Attribute indicating whether the item contains Cybersecurity, or Architectural, or Both, specific to addressing resiliency and its cousins e.g. availability, reliability, fault-tolerance, etc.
11. Context (specific technique, set of processes, framework, tool, etc.)
12. Maturity / Industry Acceptance Level of this Technique. (To show history include origination date and date of last modification)
13. Attribute indicating whether the item contains Cybersecurity, or Architecture, or Both specific to addressing resiliency and its cousins e.g. availability, reliability, fault-tolerance, etc.
Etc.
Phase 2 (just launching)
• Task 1: Identification of Smart Grid Resiliency Gaps
• Task 2: Prepare SEPA Resiliency [Gap Filler] Supplement to NISTIR 7628 Rev.1
• NOTE: Call for Participation
  Details during Friday's 1:00-3:00 Smart Grid Cybersecurity Committee (SGCC) meeting
Phase 2: Proposed Tasks
Task 1: Identification of Smart Grid Resiliency Gaps
Cross-Walk Between NISTIR 7628r1 and Resiliency Controls
• Identify resiliency gaps that currently exist in NISTIR 7628 Rev1.
Objective: Enable Smart Grid resilience as well as Cybersecurity
[Figure: NISTIR 7628 Rev.1 MAPPING to Resiliency Best Practices. Each NISTIR 7628, Rev. 1 High-Level Security Requirement (the Access Control family, SG.AC, is shown, with Awareness and Training, SG.AT, following) is cross-walked against three Resiliency Best Practices: Systems Security Engineering, Appendix H; Cyber-Physical Systems Framework; Cyber Resiliency Engineering Aid.]
Access Control (SG.AC) requirements shown in the figure:
SG.AC-1 Access Control Policy and Procedures
SG.AC-2 Remote Access Policy and Procedures
SG.AC-3 Account Management
SG.AC-4 Access Enforcement
SG.AC-5 Information Flow Enforcement
SG.AC-6 Separation of Duties
SG.AC-7 Least Privilege
SG.AC-8 Unsuccessful Login Attempts
SG.AC-9 Smart Grid Information System Use Notification
SG.AC-10 Previous Logon Notification
SG.AC-11 Concurrent Session Control
SG.AC-12 Session Lock
SG.AC-13 Remote Session Termination
SG.AC-14 Permitted Actions without Identification or Authentication
SG.AC-15 Remote Access
SG.AC-16 Wireless Access Restrictions
SG.AC-17 Access Control for Portable and Mobile Devices
SG.AC-18 Use of External Information Control Systems
SG.AC-19 Control System Access Restrictions
SG.AC-20 Publicly Accessible Content
SG.AC-21 Passwords
Phase 2: Proposed Tasks
Task 2: Prepare SEPA Resiliency [Gap Filler] Supplement to NISTIR 7628 Rev.1
This task will prepare a draft Resiliency Supplement to NISTIR 7628r1. Entries will consist of:
• Resiliency Family Name (either an existing Security Requirement Family Name or a new Resiliency Family Name)
• Resiliency Requirement Description
• Requirement Enhancements (optional)
• Additional Considerations (optional)
• Impact Level Allocation
NIST Cybersecurity Smart Grid Efforts and Proposed SGCC Activities
Nelson Hastings, NIST
Cybersecurity and Privacy Applications Group Leader
Applied Cybersecurity Division
NIST Smart Grid Cybersecurity Efforts
• Supporting SEPA by chairing the Smart Grid Cybersecurity Committee (SGCC)
• Applying the NIST Cybersecurity Framework to identify/characterize risk to emerging smart grid architectures
  • To be integrated into the NIST Smart Grid Interoperability Framework update
Security of Grid Edge Devices
• Grid edge devices include Smart Meters, Inverters, Thermostats, HVAC systems, …
• Securing these devices is critical to scaling control systems that may leverage grid edge devices.
• NISTIR 7628 provides Guidelines for Smart Grid Cyber Security.
• Ideally we would like a strategy to decompose these system-level guidelines to device specifications.
Profiling performance of Grid Edge Devices
• We are currently developing technology to profile the performance impact of security solutions on grid edge devices.
• The eventual goal is to balance cybersecurity tools across a DER architecture, minimizing system-level risk exposure.
• Diversity in design, legacy and communication protocols poses a challenge, requiring continuing engagement with device manufacturers.
Proposed SGCC Activities for Discussion
• Develop best practices for identity management from a relying party perspective
  • Managing identities of an organization's employees or owned devices versus customers or devices not owned by the organization but connected to its network
• Profiling the NIST Cybersecurity Framework for a smart grid use case
  • Similar to what was created for the manufacturing sector
  • http://csrc.nist.gov/cyberframework/documents/Manufacturing-Profile-DRAFT.pdf
An Example: Manufacturing Profile
Core Cybersecurity Framework Components
• Identify: What processes and assets need protection?
• Protect: What safeguards are available?
• Detect: What techniques can identify incidents?
• Respond: What techniques can contain impacts of incidents?
• Recover: What techniques can restore capabilities?
Framework Core: Function, Category (ID)
Identify (ID): Asset Management (ID.AM); Business Environment (ID.BE); Governance (ID.GV); Risk Assessment (ID.RA); Risk Management Strategy (ID.RM)
Protect (PR): Access Control (PR.AC); Awareness and Training (PR.AT); Data Security (PR.DS); Information Protection Processes & Procedures (PR.IP); Maintenance (PR.MA); Protective Technology (PR.PT)
Detect (DE): Anomalies and Events (DE.AE); Security Continuous Monitoring (DE.CM); Detection Processes (DE.DP)
Respond (RS): Response Planning (RS.RP); Communications (RS.CO); Analysis (RS.AN); Mitigation (RS.MI); Improvements (RS.IM)
Recover (RC): Recovery Planning (RC.RP); Improvements (RC.IM); Communications (RC.CO)
Subcategories and Informative References (Business Environment, ID.BE)
ID.BE-1: The organization's role in the supply chain is identified and communicated
  COBIT 5 APO01.02, DSS06.03; ISA 62443-2-1:2009 4.3.2.3.3; ISO/IEC 27001:2013 A.6.1.1; NIST SP 800-53 Rev. 4 CP-2, PS-7, PM-11
ID.BE-2: The organization's place in critical infrastructure and its industry sector is identified and communicated
  COBIT 5 APO08.04, APO08.05, APO10.03, APO10.04, APO10.05; ISO/IEC 27001:2013 A.15.1.3, A.15.2.1, A.15.2.2; NIST SP 800-53 Rev. 4 CP-2, SA-12
ID.BE-3: Priorities for organizational mission, objectives, and activities are established and communicated
  COBIT 5 APO02.06, APO03.01; NIST SP 800-53 Rev. 4 PM-8
ID.BE-4: Dependencies and critical functions for delivery of critical services are established
  COBIT 5 APO02.01, APO02.06, APO03.01; ISA 62443-2-1:2009 4.2.2.1, 4.2.3.6; NIST SP 800-53 Rev. 4 PM-11, SA-14
ID.BE-5: Resilience requirements to support delivery of critical services are established
  ISO/IEC 27001:2013 A.11.2.2, A.11.2.3, A.12.1.3; NIST SP 800-53 Rev. 4 CP-8, PE-9, PE-11, PM-8, SA-14
Ways to think about a Profile
• A customization of the Core for a given sector, subsector, or organization
• A fusion of business/mission logic and cybersecurity outcomes
• An alignment of cybersecurity requirements with operational methodologies
• A basis for assessment and expressing target state
• A decision support tool for cybersecurity risk management
[Figure: the five Framework Functions, Identify, Protect, Detect, Respond, Recover]
Business/Mission Objectives
Prioritized cybersecurity practices that will promote and support key business/mission goals for the manufacturer.
Maintain Personnel Safety
Maintain Environmental Safety
Maintain Product Quality
Maintain Production Goals
Maintain Trade Secrets
Profile Example: ID.AM
ID.AM-1: Physical devices and systems within the organization are inventoried
[Slide image of the Manufacturing Profile entry for ID.AM; not recoverable from the extraction]
Profile Language: ID.AM-1
[Slide image of the profile language for ID.AM-1; not recoverable from the extraction]
Why PKI Is So Darn Complicated and Why You Might Want to Use it Anyway
• Tim Polk
Objectives
• Establish the historical context
• Understand how PKI works
  • Why it is so complex
  • Which design choices matter
• Recognize which problems PKI can (and can't) solve
History of PKI in 4 Slides
Secret Key Cryptography is Easy, Key Management is Hard
• Sharing secrets has always been hard
• Secret key cryptography is easy (Caesar could do it!)
  This allows Alice and Bob to share a secret
• But there is a bootstrap problem
  You have to share a secret, and sharing secrets has always been hard
Public Key Cryptography is Easy, Key Management is Hard
• 1976, public key cryptography is invented and sharing secrets is easy
  Alice shares her public key with everyone; Bob uses it to encrypt a message to her
  Alice uses her private key, which no one else knows, to decrypt the secret
• But there is a bootstrap problem
  Authenticating the public key (e.g., ensuring it [still] belongs to Alice) is hard, almost as hard as sharing a secret
• Public key certificates were proposed soon after
  But we need a scalable mechanism for authenticating certificates
  And for saying that a key is no good anymore
PKI Standards are simple, as long as you support one application
• 1988, the X.509 certificate standard is published "to facilitate the interconnection of information processing systems" for the emerging global X.500 directory
  Approximately 12 of the 21 normative pages specify formats and processes to create a strictly hierarchical trust infrastructure, so a single public key authenticates the world
• Hey, we can use that to support lots of applications!
  But many details required to support more general applications are omitted, so they soon published versions 2 and 3
  And the emerging global directory system doesn't materialize
The great thing about PKI standards is there are so many of them
• 1999, IETF publishes RFC 2459 to align X.509 v3 with the needs of Internet applications and leverage the Lightweight Directory Access Protocol (LDAP)
• RFC 2459 had 64 normative pages, and another 65 pages of appendices "to aid implementers"
• And we omitted stuff in 2459, so we had to publish RFCs 3280 and 5280
• And another 67 supporting RFCs to cover new revocation strategies, logos, and trust anchors
So Why In the World Should You Use PKI?
• PKI offers a scalable mechanism to implement strong authentication to systems, digitally sign documents and code, share secret keys to support encrypted email, sessions, etc., etc., etc.
• As a toolkit, it is kind of a Swiss Army knife for security, supporting a broad range of applications and services
  Of course, a Swiss Army knife isn't usually the very best knife for any particular purpose
• When features are carefully chosen, it can be a very successful and straightforward mechanism
PKI Roles and Objects
• Mandatory Roles and Objects
  Certification authorities (CAs), Registration authorities (RAs), a repository to store and distribute certificates and CRLs, certificate subjects (the entities that hold the private keys), and "relying parties" (who use the public keys)
• Optional
  Attribute certificates to specify extra information about certificate subjects
  Cert status responders
  Path validation servers
Certificates
• Certificates bind an identity (the subject) to a public key.
• An issuing or certifying authority builds a certificate that contains:
  • Subject's Distinguished Name
  • Subject's Public Key
  • Issuer's Distinguished Name
  • Extensions that further describe the subject, limit the use of the key, or
• The issuer digitally signs the certificate so no one can change its contents.
[Image: "Certificate of Authenticity"]
X.509 Certificate Format
VERSION: v1 or v2 or v3
SERIAL NUMBER: 12345
SIGNATURE ALGORITHM: RSA with SHA-2
ISSUER: O=USG, OU=Commerce, CN=CA1
VALIDITY: 1/1/16 - 1/1/19
SUBJECT: O=USG, OU=Commerce, CN=Tim Polk
SUBJECT PUBLIC KEY INFO: RSA, 48...321
ISSUER UNIQUE ID: ACBDEFGH
SUBJECT UNIQUE ID: RSTUVWXY
EXTENSIONS
SIGNATURE
Public Keys
• Public key associated with any asymmetric algorithm
• Public key used to support:
  • Digital Signature and Non-repudiation
  • Key Management
  • Data Encipherment
  • Certificate Signature
  • Certificate Revocation List Signature
Best Current Practice: Give certificate subjects two ECC keys, one for signatures and another for key management.
X.509 Certificate Extensions
• Authority Key Identifier
• Subject Key Identifier
• Key Usage
• Private Key Usage Period
• Certificate Policies
• Policy Mappings
• Subject Alternative Name
• Issuer Alternative Name
• Freshest CRL
• Basic Constraints
• Name Constraints
• Policy Constraints
• Extended Key Usage
• CRL Distribution Points
• Inhibit Any-Policy
• Authority Information Access
• Subject Information Access
• Subject Directory Attributes
Please don’t define your own proprietary extension.We have at least one solution for almost everything!
Certificate Revocation Lists (CRLs)
• Lists of certificates that should no longer be trusted
  Can be big!
• Delta CRLs, Sliding Window Delta CRLs, Indirect CRLs are all optimizations for different environments
X.509 CRL Format
VERSION: v1 or v2
SIGNATURE ALGORITHM: RSA with SHA-2
ISSUER: O=USG, OU=Commerce, CN=CA1
LAST UPDATE: 7/28/17
NEXT UPDATE: 7/29/17
REVOKED CERTIFICATES: SEQUENCE OF
  SERIAL NUMBER: 12345
  REVOCATION DATE: 6/4/17
  CRL ENTRY EXTENSIONS
CRL EXTENSIONS
SIGNATURE
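Revocation checking against a CRL like the one above, as an added example that is not part of the presentation. It models a complete (base) CRL and a delta CRL as plain records rather than DER, with constructed sample data (the CA name, dates and serials follow the slide; the delta entries are invented), merges them the way RFC 5280 describes, and shows the answers a relying party must handle: good, revoked, on hold, and a CRL that is past its next update. Verification of the CRL signature is represented by a flag the caller sets after checking it.

```python
"""Base + delta CRL revocation check, as an added example (stdlib only, record model, no DER)."""
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, Optional, Tuple

# RFC 5280 CRLReason codes used below
KEY_COMPROMISE, CERTIFICATE_HOLD, REMOVE_FROM_CRL = 1, 6, 8

@dataclass
class CRL:
    issuer: str
    crl_number: int                       # CRL Number extension, monotonically increasing
    this_update: datetime                 # "last update" on the slide
    next_update: datetime
    revoked: Dict[int, Tuple[datetime, int]] = field(default_factory=dict)  # serial -> (date, reason)
    base_crl_number: Optional[int] = None # Delta CRL Indicator: present only on a delta CRL
    signature_ok: bool = True             # outcome of verifying the CRL signature (assumed here)

def merge_delta(base: CRL, delta: CRL) -> CRL:
    """Apply a delta CRL to a complete CRL, yielding an up-to-date complete CRL."""
    if delta.base_crl_number is None:
        raise ValueError("not a delta CRL")
    if delta.issuer != base.issuer or not (base.signature_ok and delta.signature_ok):
        raise ValueError("issuer mismatch or unverified CRL")
    if not delta.base_crl_number <= base.crl_number < delta.crl_number:
        raise ValueError("delta does not apply to this base CRL")
    revoked = dict(base.revoked)
    for serial, (when, reason) in delta.revoked.items():
        if reason == REMOVE_FROM_CRL:     # a hold was lifted: the certificate is valid again
            revoked.pop(serial, None)
        else:
            revoked[serial] = (when, reason)
    return CRL(base.issuer, delta.crl_number, delta.this_update, delta.next_update, revoked)

def check_status(serial: int, cert_issuer: str, crl: CRL, now: datetime) -> str:
    """Return 'good', 'revoked', 'on hold', or 'stale' (relying party must fetch a fresh CRL)."""
    if not crl.signature_ok or crl.issuer != cert_issuer:
        raise ValueError("CRL is unverified or was issued by a different CA")
    if now < crl.this_update or now > crl.next_update:
        return "stale"
    if serial not in crl.revoked:
        return "good"
    return "on hold" if crl.revoked[serial][1] == CERTIFICATE_HOLD else "revoked"

def demo() -> Dict[str, str]:
    ca = "O=USG, OU=Commerce, CN=CA1"
    base = CRL(ca, 41, datetime(2017, 7, 28), datetime(2017, 7, 29),
               {12345: (datetime(2017, 6, 4), KEY_COMPROMISE),
                777: (datetime(2017, 7, 20), CERTIFICATE_HOLD)})
    delta = CRL(ca, 42, datetime(2017, 7, 28, 12), datetime(2017, 7, 29, 12),
                {555: (datetime(2017, 7, 28, 11), KEY_COMPROMISE),
                 777: (datetime(2017, 7, 28, 9), REMOVE_FROM_CRL)}, base_crl_number=41)
    now = datetime(2017, 7, 28, 15)
    merged = merge_delta(base, delta)
    out = {
        "12345 before delta": check_status(12345, ca, base, now),
        "777 before delta": check_status(777, ca, base, now),
        "555 before delta": check_status(555, ca, base, now),    # base alone misses the newest revocation
        "555 after delta": check_status(555, ca, merged, now),
        "777 after delta": check_status(777, ca, merged, now),   # hold lifted by removeFromCRL
        "stale": check_status(1, ca, base, datetime(2017, 8, 1)),
    }
    try:                                                          # CRL from another CA must not be consulted
        check_status(1, "CN=Other CA", base, now)
        out["wrong issuer"] = "accepted"
    except ValueError:
        out["wrong issuer"] = "rejected"
    return out
```

The "stale" result is the case that bites in practice: a relying party that keeps using a CRL past its nextUpdate will keep answering "good" for certificates revoked since, which is exactly the window an attacker who has compromised a key wants. Treat stale as a failure to obtain revocation status, not as "not revoked".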
Certification Authority
• Establish and maintain an accurate binding between the public key and attributes contained in a certificate
• Manages and publishes certificates
  Issues and renews certificates
  Issues Certificate Revocation Lists (CRLs)
• Initializes tokens (optional)
• Generates and provides recovery for public/private key pairs (optional)
How do I get a certificate, anyway?
• The RA confirms the subject's identity and any other attributes in the certificate, then the CA issues the certificate and passes it to both the certificate subject and the repository
• Two basic strategies:
  Face-to-face registration
  Online registration
• Unfortunate note: there are lots of Certificate Management Protocols to implement this
Making it Scale: Certification Path
Alice can verify Bob’s certificate by verifying a chain of certificates ending in one issued by a Certification Authority (CA) she trusts
Making it Scale: Public Key Infrastructure Topologies
[Figure: PKI topologies; not recoverable from the extraction]
Customizing PKI
• Online Certificate Status Protocol (OCSP)
  Responder answers the basic question: is this certificate revoked?
  Irrevocable trust in the OCSP responder
• Delegated Path Discovery
  Trusted server builds the entire path, but the relying party validates it and makes its own decision
• Simple Certificate Validation Protocol (SCVP)
  Server builds the path and validates it for the client (Delegated Path Validation)
Which leaves us with…
• A certificate subject (Alice) with a couple of private keys and certificates who wants to sign and/or encrypt some data
• A relying party (Bob) that
  has selected one or more trusted roots,
  knows how to build and validate a path, and
  can use public keys from validated certificates to verify the signature or decrypt the data
• And this works even though Alice and Bob may work for different organizations
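The relying-party side of the summary above, and of the earlier certification-path slide, as an added example that is not part of the presentation: a path builder that walks from the end-entity certificate up to a trusted root by issuer name, and a validator that applies the core RFC 5280 section 6 checks (signature by the certificate above, validity period, revocation, basicConstraints cA, pathLenConstraint). Certificates are plain Python records rather than X.509, and signatures use textbook RSA over small primes purely so the block runs stand-alone; that toy scheme, the hypothetical subjects (Root CA, Intermediate CA, Bob, Mallory) and all key material are constructed here and are not something a real deployment should copy.

```python
"""Certification path building and validation (RFC 5280 section 6, simplified), as an added example.
Record-model certificates and toy RSA (small primes, no padding) so the block is self-contained."""
import hashlib
import math
from dataclasses import dataclass, replace
from datetime import date
from typing import Dict, List, Optional, Set, Tuple

PubKey = Tuple[int, int]                                  # (n, e)

def _next_prime(n: int) -> int:
    while any(n % d == 0 for d in range(2, int(n ** 0.5) + 1)):
        n += 1
    return n

def keypair(seed: int, e: int = 65537) -> Tuple[PubKey, int]:
    """Toy RSA key from a deterministic seed; returns ((n, e), d). Not for real use."""
    p, q = _next_prime(seed), _next_prime(seed + 1000)
    while math.gcd(e, (p - 1) * (q - 1)) != 1:
        q = _next_prime(q + 1)
    return (p * q, e), pow(e, -1, (p - 1) * (q - 1))

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    serial: int
    not_before: date
    not_after: date
    public_key: PubKey
    is_ca: bool = False                  # basicConstraints cA
    path_len: Optional[int] = None       # basicConstraints pathLenConstraint
    signature: int = 0

    def tbs(self) -> bytes:              # the signed part: every field except the signature
        return repr((self.subject, self.issuer, self.serial, str(self.not_before), str(self.not_after),
                     self.public_key, self.is_ca, self.path_len)).encode()

def _digest(tbs: bytes, n: int) -> int:  # toy: raw SHA-256 reduced mod n, no padding
    return int.from_bytes(hashlib.sha256(tbs).digest(), "big") % n

def issue(cert: Cert, issuer_key: Tuple[PubKey, int]) -> Cert:
    (n, _), d = issuer_key
    return replace(cert, signature=pow(_digest(cert.tbs(), n), d, n))

def verify_sig(cert: Cert, issuer_pub: PubKey) -> bool:
    n, e = issuer_pub
    return pow(cert.signature, e, n) == _digest(cert.tbs(), n)

def build_path(target: Cert, pool: List[Cert], anchors: Dict[str, PubKey]) -> Optional[List[Cert]]:
    """Depth-first search upward by issuer name until a certificate issued by a trust anchor."""
    def search(path: List[Cert]) -> Optional[List[Cert]]:
        if path[-1].issuer in anchors:
            return path
        for cand in pool:
            if cand.subject == path[-1].issuer and cand not in path:   # skip cross-cert loops
                found = search(path + [cand])
                if found:
                    return found
        return None
    return search([target])

def validate_path(path: Optional[List[Cert]], anchors: Dict[str, PubKey],
                  revoked: Set[Tuple[str, int]], today: date) -> Tuple[bool, str]:
    """path[0] is the end entity; each certificate is checked with the key of the one above it."""
    if not path:
        return False, "no path to a trusted root"
    for i, cert in enumerate(path):
        issuer_pub = path[i + 1].public_key if i + 1 < len(path) else anchors[cert.issuer]
        if not verify_sig(cert, issuer_pub):
            return False, f"bad signature on {cert.subject}"
        if not cert.not_before <= today <= cert.not_after:
            return False, f"{cert.subject} outside validity period"
        if (cert.issuer, cert.serial) in revoked:            # (issuer, serial) identifies a certificate
            return False, f"{cert.subject} is revoked"
        if i > 0 and not cert.is_ca:                         # only CAs may appear above the end entity
            return False, f"{cert.subject} is not a CA"
        if i > 0 and cert.path_len is not None and i - 1 > cert.path_len:
            return False, f"{cert.subject} pathLenConstraint exceeded"
    return True, "valid"

def demo(today: date = date(2017, 7, 28)) -> Dict[str, Tuple[bool, str]]:
    root_key, inter_key, bob_key = keypair(1000000), keypair(2000000), keypair(3000000)
    anchors = {"CN=Root CA": root_key[0]}            # the one root the relying party trusts
    inter = issue(Cert("CN=Intermediate CA", "CN=Root CA", 1, date(2016, 1, 1), date(2026, 1, 1),
                       inter_key[0], is_ca=True, path_len=0), root_key)
    bob = issue(Cert("CN=Bob", "CN=Intermediate CA", 2, date(2017, 1, 1), date(2019, 1, 1),
                     bob_key[0]), inter_key)
    # Bob holds an end-entity key; a certificate he "issues" chains to the root but must be rejected
    mallory = issue(Cert("CN=Mallory", "CN=Bob", 3, date(2017, 1, 1), date(2019, 1, 1),
                         keypair(4000000)[0]), bob_key)
    pool = [inter, bob, mallory]
    tampered = replace(bob, public_key=keypair(5000000)[0])   # key swapped after issuance
    cases = {"CN=Bob": (bob, set()), "CN=Mallory": (mallory, set()),
             "CN=Bob (tampered)": (tampered, set()),
             "CN=Bob (revoked)": (bob, {("CN=Intermediate CA", 2)})}
    return {name: validate_path(build_path(t, pool, anchors), anchors, rev, today)
            for name, (t, rev) in cases.items()}
```

The Mallory case is the one worth remembering: her certificate carries a perfectly good signature, and a chain to the trusted root exists, yet validation must fail because the certificate above her is not a CA. A validator that only checks signatures and names, and skips basicConstraints, turns every end-entity key in the PKI into a CA.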
Takeaways
PKI is not for the faint of heart, but…
PKI provides a scalable and flexible foundation for the full range of cryptographic security in applications across organizational boundaries
THANK YOU