X.509 Authentication Service

Date post: 10-Mar-2015
Upload: muhammad-junaid-anjum
Page 1: X.509 Authentication Service

X.509 Authentication Service

By
Muhammad Junaid Anjum (021-BSCS-07)
Muhammad Jalal (039-BSCS-07)
Muhammad Khurram Chaudhry (079-BSCS-07)
Muhammad Zubair (099-BSCS-07)

Network Security and Cryptography

Page 2: X.509 Authentication Service

Contents

Introduction
X.509 Authentication Service
Certificates
Revocation of Certificates
Authentication Procedures
Certificate Format
X.509 Version 3
Certificate Extensions

Page 3: X.509 Authentication Service

Introduction

Sun Tzu, a famous Chinese military general and the author of The Art of War, once said:

“We cannot enter into alliance with neighboring princes until we are acquainted with their designs.”

Page 4: X.509 Authentication Service

History

X.509 was initially issued in 1988.

The standard was subsequently revised to address some of the security concerns. A revised recommendation was issued in 1993.

A third version of X.509 was issued in 1995.

The third version was then revised in 2005.

Page 5: X.509 Authentication Service

Overview

Authentication applications are those that make use of authentication functions. Authentication services were developed to support application-level authentication and digital signatures.

There are two main kinds of authentication service:

1) Kerberos
2) X.509 Authentication Service

We will only cover the second type of authentication service.

Page 6: X.509 Authentication Service

X.509 Authentication Service

Introduction
History
Definition
Usage

Page 7: X.509 Authentication Service

Introduction

X.509 is a very important standard in cryptography. It is an ITU-T standard for:

a) Public Key Infrastructure (PKI)
b) Single Sign On (SSO)
c) Privilege Management Infrastructure (PMI)

Page 8: X.509 Authentication Service

Introduction

X.509 specifies the standards for the following formats:

a) Public Key Certificates
b) Certificate Revocation Lists
c) Attribute Certificates
d) Certification Path Validation Algorithm

Page 9: X.509 Authentication Service

Introduction

X.509 is an important standard because the certificate structure and the authentication protocols defined in X.509 are used in various contexts:

a) S/MIME
b) IP Security
c) SSL/TLS
d) SET

Page 10: X.509 Authentication Service

Definition

X.509 defines a framework for the provision of authentication services by the X.500 directory to its users.

The directory is a server, or a distributed set of servers, that maintains a database of information about users.

This directory includes a mapping from user name to network address, as well as other attributes and information.

The directory may also serve as a repository of public key certificates.

Page 11: X.509 Authentication Service

Definition

In X.509, each certificate contains the public key of a user and is signed with the private key of a trusted certification authority.

X.509 also defines alternative authentication protocols based on the use of public key certificates.

Page 12: X.509 Authentication Service

Usage

X.509 is based on the use of public key cryptography and digital signatures. The standard does not force the use of a specific algorithm but recommends RSA.

The digital signature scheme is assumed to require the use of a hash function. The 1988 recommendation of X.509 included the description of a recommended hash algorithm.

Because that hash algorithm was found to be insecure, it was dropped from the 1993 recommendation.

Page 13: X.509 Authentication Service

Figure: generation of a public key certificate (KEY)

1) Unsigned certificate: contains the user ID and the user's public key.
2) H: generate the hash code of the unsigned certificate.
3) E: encrypt the hash code with the CA's private key to form a signature.
4) Signed certificate: the recipient can verify the signature using the CA's public key.

Page 14: X.509 Authentication Service

Certificates

Overview
General Format
Notation
User Certificates

Page 15: X.509 Authentication Service

Overview

The heart of the X.509 scheme is the public key certificate associated with each user. The user certificates are assumed to be created by some trusted certification authority (CA) and placed in the directory by the CA or by the user.

The directory server itself is not responsible for the creation of public keys or for the certification function.

The directory merely provides an easily accessible location for users to obtain certificates.

Page 16: X.509 Authentication Service

General Format

The general format of the certificates includes the following elements:

a) Version
b) Serial Number
c) Signature Algorithm Identifier
d) Issuer Name
e) Period of Validity

Page 17: X.509 Authentication Service

General Format

f) Subject Name
g) Subject Public Key Information
h) Issuer Unique Identifier
i) Subject Unique Identifier
j) Extensions
k) Signature

Page 18: X.509 Authentication Service
Page 19: X.509 Authentication Service

Notation

The X.509 standard uses the following notation to define a certificate:

CA<<A>> = CA {V, SN, AI, CA, TA, A, Ap}

where

Y<<X>> is the certificate of user X issued by certification authority Y

Y{I} is the signing of I by Y. It consists of I with an encrypted hash code appended.

Page 20: X.509 Authentication Service

User Certificate

User certificates generated by a CA have the following characteristics:

a) Any user with access to the public key of the CA can verify the user public key that was certified.

b) No party other than the certification authority can modify the certificate without this being detected.

Page 21: X.509 Authentication Service

User Certificate

X.509 suggests that CAs be arranged in a hierarchy so that navigation is straightforward.

To understand this, consider an example in which two CAs, X1 and X2, have securely exchanged their own public keys:

a) ‘A’ obtains, from the directory, the certificate of X2 signed by X1.
b) ‘A’ then goes back to the directory and obtains the certificate of ‘B’ signed by X2.

Page 22: X.509 Authentication Service
Page 23: X.509 Authentication Service

User Certificates

In the hierarchy diagram, the connected circles indicate the hierarchical relationship among the CAs, and the associated boxes indicate the certificates maintained in the directory entry of each CA.

The directory entry for each CA includes two types of certificates:

a) Forward Certificates
b) Reverse Certificates

Page 24: X.509 Authentication Service

Revocation of Certificates

A new certificate is issued just before the expiration of the old one. The occasions to revoke a certificate before it expires are:

a) The user's secret key is assumed to be compromised.
b) The user is no longer certified by the CA.
c) The CA's certificate is assumed to be compromised.

Each CA maintains a list of revoked certificates, known as the Certificate Revocation List (CRL). Users should check certificates against the CA's CRL.
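The following Python program is an added illustration, not code from the slides, of the certificate mechanics described on pages 13, 19, 20, 21 and 24: the CA signs the hash of an unsigned certificate, the certificate is written in the notation CA<<A>> = CA {V, SN, AI, CA, TA, A, Ap}, anyone holding the CA's public key can verify it and any modification is detected, a user A walks the path X1<<X2>>, X2<<B>> from a trusted CA X1 to user B, and every certificate on the path is checked against its issuer's CRL. The RSA keys are textbook-sized (two-digit primes), the dates are YYYYMMDD integers and the field names follow the slides; all of this is a simplification chosen so the arithmetic is visible and the program runs with the standard library alone.

```python
"""Toy X.509 certificate issuance, verification, path validation and CRL check.
Keys are textbook RSA built from two-digit primes: NOT secure, illustration only."""
import hashlib
import json


def make_key(p, q, e=17):
    """Return ((n, e), (n, d)) from two small primes. Assumes p, q prime and
    gcd(e, (p-1)(q-1)) == 1; pow(e, -1, m) needs Python 3.8+."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)


def digest(obj, n):
    """H(I): SHA-256 over a canonical JSON encoding, reduced into the toy modulus."""
    data = json.dumps(obj, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private, obj):
    """Y{I}: I with an encrypted hash code appended (sig = H(I)^d mod n)."""
    n, d = private
    return {"tbs": obj, "sig": pow(digest(obj, n), d, n)}


def verify(public, signed):
    """Recipient check: recover the hash code with Y's public key and compare it
    with a fresh hash of the to-be-signed part."""
    n, e = public
    return pow(signed["sig"], e, n) == digest(signed["tbs"], n)


def issue(issuer, issuer_private, subject, subject_public, serial, not_before, not_after):
    """Build CA<<A>> = CA {V, SN, AI, CA, TA, A, Ap} with the slides' field names."""
    tbs = {"V": 3, "SN": serial, "AI": "toy-rsa-with-sha256", "CA": issuer,
           "TA": [not_before, not_after], "A": subject, "Ap": list(subject_public)}
    return sign(issuer_private, tbs)


def validate_path(trust_anchor, certs, crl, today):
    """Walk certs from the trusted CA towards the end entity. trust_anchor is
    (name, public key); certs are ordered X1<<X2>>, X2<<B>>, ...; crl maps an
    issuer name to the set of serial numbers it has revoked. Returns the end
    entity's public key or raises ValueError naming the check that failed."""
    name, pub = trust_anchor
    for cert in certs:
        tbs = cert["tbs"]
        if tbs["CA"] != name:
            raise ValueError(f"issuer mismatch: expected {name}, got {tbs['CA']}")
        if not verify(pub, cert):                    # page 20 b): tampering is detected
            raise ValueError(f"bad signature on certificate of {tbs['A']}")
        if not tbs["TA"][0] <= today <= tbs["TA"][1]:
            raise ValueError(f"certificate of {tbs['A']} outside validity period")
        if tbs["SN"] in crl.get(name, set()):        # page 24: consult the issuer's CRL
            raise ValueError(f"certificate {tbs['SN']} of {tbs['A']} is revoked")
        name, pub = tbs["A"], tuple(tbs["Ap"])       # this subject's key verifies the next cert
    return pub


# Constructed sample hierarchy: X1 is the trusted root, X2 a subordinate CA, B a user.
X1_PUB, X1_PRIV = make_key(61, 53)
X2_PUB, X2_PRIV = make_key(71, 67)
B_PUB, _B_PRIV = make_key(83, 89)
X1_X2 = issue("X1", X1_PRIV, "X2", X2_PUB, serial=1001, not_before=20240101, not_after=20261231)
X2_B = issue("X2", X2_PRIV, "B", B_PUB, serial=2001, not_before=20240101, not_after=20251231)
EMPTY_CRL = {"X1": set(), "X2": set()}


def path_status(certs, crl=EMPTY_CRL, today=20250601):
    """'ok' if A reaches B's public key from X1, otherwise the failing check."""
    try:
        return "ok" if validate_path(("X1", X1_PUB), certs, crl, today) == B_PUB else "wrong key"
    except ValueError as err:
        return str(err)


def tampered_leaf():
    """Copy of X2<<B>> whose public key was swapped after signing."""
    cert = json.loads(json.dumps(X2_B))
    cert["tbs"]["Ap"] = list(X1_PUB)
    return cert


if __name__ == "__main__":
    print(path_status([X1_X2, X2_B]))                      # ok
    print(path_status([X1_X2, tampered_leaf()]))           # bad signature on certificate of B
    print(path_status([X1_X2, X2_B], crl={"X2": {2001}}))  # certificate 2001 of B is revoked
    print(path_status([X1_X2, X2_B], today=20260301))      # certificate of B outside validity period
```

The order of checks in validate_path matters for a defender: the issuer name and signature are checked before the validity period and the CRL, because the serial number and dates of an unverified certificate cannot be trusted. A real verifier would additionally check the path constraints carried in the extensions (page 33), which the toy leaves out.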

Page 25: X.509 Authentication Service

Authentication Procedures

X.509 includes three alternative authentication procedures:

a) One-Way Authentication
b) Two-Way Authentication
c) Three-Way Authentication

All of the above use public key signatures.

Page 26: X.509 Authentication Service

One-Way Authentication

One-way authentication involves a single transfer of information from user A to user B and establishes the following:

a) The identity of A, and that the message was generated by A.
b) That the message was intended for B.
c) The integrity and originality (it has not been sent multiple times) of the message.

Page 27: X.509 Authentication Service
Page 28: X.509 Authentication Service

Two-Way Authentication

Two-way authentication establishes the following elements in addition:

a) The identity of B, and that the reply message was generated by B.
b) That the reply was intended for A.
c) The integrity and originality of the reply.

Page 29: X.509 Authentication Service
Page 30: X.509 Authentication Service

Three-Way Authentication

In three-way authentication a final message from A to B is included. It contains a signed copy of the nonce.

The intent of this design is that timestamps need not be checked. This approach is needed when synchronized clocks are not available.
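The three procedures on pages 26 to 30 are run below in an added Python example that is not part of the slides. Each message carries a timestamp t, a fresh nonce r, the intended recipient, the peer nonce it echoes (if any) and signed data, following the X.509 message layout; the receiver performs exactly the checks the slides list (who sent it, who it was for, and that it is fresh and not replayed). The fixed toy RSA keys, the Party class, the 300-second clock window and the nonce values are constructed for this example and are not secure.

```python
"""Toy one-way, two-way and three-way X.509 authentication exchanges.
Fixed textbook RSA keys (NOT secure) keep the code standard-library only."""
import hashlib
import json

# Constructed toy keys: A uses n = 61*53, B uses n = 71*67.
KEYS = {"A": {"n": 3233, "e": 17, "d": 2753},
        "B": {"n": 4757, "e": 13, "d": 1777}}


def _hash(body, n):
    data = json.dumps(body, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def signed(sender, body):
    """sender{body}: body plus its hash encrypted with the sender's private key."""
    k = KEYS[sender]
    return {"from": sender, "body": body, "sig": pow(_hash(body, k["n"]), k["d"], k["n"])}


def signature_ok(msg):
    k = KEYS[msg["from"]]
    return pow(msg["sig"], k["e"], k["n"]) == _hash(msg["body"], k["n"])


class Party:
    def __init__(self, name, skew=300):
        self.name, self.skew = name, skew   # skew: tolerated clock difference in seconds
        self.seen = set()                   # peer nonces already accepted (replay detection)
        self.outstanding = {}               # nonce we issued -> peer that must echo it

    def send(self, to, nonce, now, echo=None, data=None, timestamp=True):
        if nonce is not None:
            self.outstanding[nonce] = to
        body = {"t": now if timestamp else None, "r": nonce, "to": to, "echo": echo, "data": data}
        return signed(self.name, body)

    def receive(self, msg, now, need_timestamp=True):
        """Return 'ok' or the reason the message is rejected."""
        b = msg["body"]
        if not signature_ok(msg):                          # identity of sender, integrity
            return "bad signature"
        if b["to"] != self.name:                           # message intended for me
            return "not intended for me"
        if need_timestamp and (b["t"] is None or abs(now - b["t"]) > self.skew):
            return "stale or missing timestamp"            # freshness via synchronized clocks
        if b["r"] is not None and b["r"] in self.seen:     # originality: not sent twice
            return "replayed nonce"
        if b["echo"] is not None and self.outstanding.pop(b["echo"], None) != msg["from"]:
            return "echoed nonce does not match a challenge I issued"
        if b["r"] is not None:
            self.seen.add(b["r"])
        return "ok"


NOW = 1_700_000_000  # constructed epoch timestamp


def run_one_way():
    """A -> B once; B checks sender, recipient, timestamp and nonce."""
    a, b = Party("A"), Party("B")
    m1 = a.send("B", "rA-1", NOW, data="one-way")
    fresh = b.receive(m1, NOW + 10)
    late = Party("B").receive(m1, NOW + 3600)   # same message delivered an hour later
    wrong = Party("C").receive(m1, NOW)         # delivered to a party it was not meant for
    replay = b.receive(m1, NOW + 20)            # resent inside the clock window
    return fresh, late, wrong, replay


def run_two_way():
    """Adds B's reply, which must echo rA so A knows it answers A's own message."""
    a, b = Party("A"), Party("B")
    m1 = a.send("B", "rA-2", NOW)
    b.receive(m1, NOW)
    m2 = b.send("A", "rB-2", NOW, echo="rA-2")
    bogus = b.send("A", "rB-3", NOW, echo="rA-old")   # echoes a nonce A never issued
    return a.receive(m2, NOW), a.receive(bogus, NOW)


def run_three_way():
    """No timestamps (clocks not synchronized): freshness rests on the nonces,
    and A's final message proves it saw rB."""
    a, b = Party("A"), Party("B")
    m1 = a.send("B", "rA-3", NOW, timestamp=False)
    r1 = b.receive(m1, NOW, need_timestamp=False)
    m2 = b.send("A", "rB-4", NOW, echo="rA-3", timestamp=False)
    r2 = a.receive(m2, NOW, need_timestamp=False)
    m3 = a.send("B", None, NOW, echo="rB-4", timestamp=False)
    r3 = b.receive(m3, NOW, need_timestamp=False)
    return r1, r2, r3


if __name__ == "__main__":
    print(run_one_way())    # ('ok', 'stale or missing timestamp', 'not intended for me', 'replayed nonce')
    print(run_two_way())    # ('ok', 'echoed nonce does not match a challenge I issued')
    print(run_three_way())  # ('ok', 'ok', 'ok')
```

Note what the three-way variant gives up: with need_timestamp=False a receiver can only reject a message as a replay while it remembers the nonce, so the seen set must be kept for as long as replays are a concern; the timestamp in the one- and two-way variants is what lets a receiver forget old nonces safely.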

Page 31: X.509 Authentication Service
Page 32: X.509 Authentication Service

X.509 Version 3

It has been recognized that additional information is needed in a certificate, such as e-mail addresses, URLs and policy details.

Rather than explicitly naming new fields, a general extension method was defined.

An extension consists of:

a) Extension Identifier
b) Criticality Indicator
c) Extension Value

Page 33: X.509 Authentication Service

Certificate Extensions

The certificate extensions fall into three main categories:

a) Key and Policy Information
b) Certificate Subject and Issuer Attributes
c) Certification Path Constraints
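The extension structure on page 32 and the three categories on page 33 are exercised in this added Python example, which is not from the slides. It shows the role of the criticality indicator: a recognized extension is evaluated by its handler, an unrecognized non-critical extension is ignored, and an unrecognized critical extension causes the certificate to be rejected. Extension names stand in for the OIDs a real certificate carries, and the two handlers are simplified stand-ins for the keyUsage (key and policy information) and basicConstraints (path constraint) checks; the subjectAltName entry stands for the subject-attribute category. All sample values are constructed.

```python
"""Toy processing of X.509 v3 extensions: (identifier, criticality, value) triples."""


def check_key_usage(value, ctx):
    """Key and policy information: the key must be permitted to do what we need."""
    return None if ctx["need"] in value else f"keyUsage does not permit {ctx['need']}"


def check_basic_constraints(value, ctx):
    """Certification path constraint: only certificates flagged cA may certify others."""
    if ctx["role"] == "ca" and not value.get("cA", False):
        return "basicConstraints: certificate is not a CA"
    return None


# Handlers for the extensions this verifier understands (simplified, constructed).
HANDLERS = {"keyUsage": check_key_usage, "basicConstraints": check_basic_constraints}


def evaluate_extensions(extensions, ctx):
    """Return a list of problems; an empty list means the extensions are acceptable."""
    problems = []
    for ext in extensions:
        handler = HANDLERS.get(ext["id"])
        if handler is None:
            if ext["critical"]:
                # The issuer marked this as must-understand; we do not, so reject.
                problems.append(f"unrecognized critical extension {ext['id']}")
            continue  # unrecognized but non-critical: safe to ignore
        problem = handler(ext["value"], ctx)
        if problem:
            problems.append(problem)
    return problems


# Constructed sample extension sets.
USER_CERT = [
    {"id": "keyUsage", "critical": True, "value": ["digitalSignature"]},
    {"id": "subjectAltName", "critical": False, "value": ["user@example.com"]},
    {"id": "vendorSpecificTag", "critical": False, "value": "x"},  # unknown, ignored
]
SUSPECT_CA_CERT = [
    {"id": "keyUsage", "critical": True, "value": ["digitalSignature"]},  # no keyCertSign
    {"id": "basicConstraints", "critical": True, "value": {"cA": False}},
    {"id": "mandatoryPolicy", "critical": True, "value": "x"},  # unknown AND critical
]


def demo():
    user = evaluate_extensions(USER_CERT, {"need": "digitalSignature", "role": "user"})
    ca = evaluate_extensions(SUSPECT_CA_CERT, {"need": "keyCertSign", "role": "ca"})
    return user, ca


if __name__ == "__main__":
    print(demo())  # ([], ['keyUsage does not permit keyCertSign', 'basicConstraints: certificate is not a CA', 'unrecognized critical extension mandatoryPolicy'])
```

The second sample is the case a verifier must get right: a certificate that is not marked as a CA and whose key is not allowed to sign certificates must never be accepted as an issuer on a certification path, whatever the rest of the certificate says.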

Page 34: X.509 Authentication Service

Any Questions

