1
Using SSL/TLS Client Certificates for User Authentication
22nd March 2006
Robert Loomans [email protected]
2
Overview
• Background
• Why?
• What?
• How?
• Lessons learned
• Future
• Conclusion
• Q & A
3
Background
• In 2001, APNIC decided to develop a secured web portal (MyAPNIC) to allow its members self manage their account information
– username/password is not sufficient to protect the access
– Leverage SSL and PKI/X.509 technology to authenticate users
• An application framework was developed to handle user authentication and authorisation
• This application framework is then used to develop various web applications such as:
– MyAPNIC– Meeting/events registration system– Resource management system (internal use)
4
What we did
• OpenCA
• Hardware crypto engine
• Apache 2.0 including mod_ssl
• Use Apache config for authentication
• Custom web framework for authorisation
• Mapping to APNIC member using cert serial (Don’t do this!)
• Email expiry reminders
5
Why use client certificates?
• Something the user has, not knows– Best case: cert installed on a smart card
• Strong identification– Well, assuming you want it, and it’s part of your
process• Revokable• Limited validity• Data in the cert is signed by the issuer
– User only controls the use of the private key– Can support capabilities
• Security policy must be explicit– Certificate Policy (CP) and Certification Policy
Statement (CPS)
6
Cons
• More effort for operator– Running the PKI– Processes and procedures– User and operator education– Browser problems and differences
• More effort for users– More process for requesting and renewing
certificates– Reduced portability– Browser problems and differences
7
What don’t client certificates help with?• Clueless users
• Clueless staff
• Poor network security
• Poor application security
• Poor security policy
• Rapid turnaround
8
What are they?
• X.509 v3 Certificates– ASN.1– Extensible
• RFC3280 - Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
• RFC4325 - Internet X.509 Public Key Infrastructure Authority Information Access Certificate Revocation List (CRL) Extension
9
Example Certificate
$ openssl x509 -in RobertLoomans.cer -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5297 (0x14b1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=AU, O=APNIC, OU=Technical Services, CN=APNIC Certification Authority Manager/[email protected]
Validity
Not Before: Sep 14 00:20:24 2005 GMT
Not After : Sep 14 00:20:24 2006 GMT
Subject: C=AP, O=APNIC-AP, CN=Robert Loomans/serialNumber=5297
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:d0:cf:83:65:db:10:e8:74:c1:c3:9b:98:cf:85:
…
00:8d
Exponent: 65537 (0x10001)
10
Example Certificate (cont.)
…
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Client, S/MIME
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment
Netscape Comment:
APNIC Client Certificate
X509v3 Subject Key Identifier:
A5:8C:83:B0:BA:19:…:A4:EA:FA:FD:29:74
X509v3 Authority Key Identifier:
keyid:14:86:02:B0:AE:B8:…:85:77:8C:04:E9
DirName:/C=AU/O=APNIC/OU=Technical Services/CN=APNIC Certification Authority Manager/[email protected]
serial:00
11
Example Certificate (cont.)
…
X509v3 Subject Alternative Name:
email:[email protected]
X509v3 Issuer Alternative Name:
email:[email protected]
X509v3 CRL Distribution Points:
URI:https://www.apnic.net/ca/crl/cacrl.crl
Netscape CA Revocation Url:
https://www.apnic.net/ca/crl/cacrl.crl
Netscape Revocation Url:
https://www.apnic.net/ca/crl/cacrl.crl
Signature Algorithm: sha1WithRSAEncryption
1e:ff:f8:45:54:f0:dc:63:03:c7:56:d9:ef:47:50:36:6a:41:
…
14:50:52:45
-----BEGIN CERTIFICATE-----
MIIFbzCCBFegAwIBAgICFLEwDQYJKoZIhvcNAQEFBQAwgY4xCzAJBgNVBAYTAkFV
…
UFJF
-----END CERTIFICATE-----
12
What are they? (cont)
• Distinguishing Name (DN)• Subject• Issuer• Certificate Revocation List (CRL)• Serial• X509 V3 Extensions vs. Netscape Extensions
– Alternative Name vs. Common Name– CRL Distribution Points vs. Revocation URL
• Key Usage• CA bit• Validity
13
What do you need?
• SSL enabled web server
• User database
• PKI– Public interface– Request Authority– Certificate Authority– Repository– Policies– Processes and procedures
14
PKI
• PKIX-WG -http://www.ietf.org/html.charters/pkix-charter.html
• OpenCA - http://www.openca.org/
• TinyCA - http://tinyca.sm-zone.net/
15
Apache configuration
• Normal SSL configuration to serve HTTPS
• SSLCACertificateFile file-path or SSLCACertificatePath directory-path
• SSLCARevocationFile file-path or SSLCARevocationPath directory-path
• SSLVerifyClient level– none– optional– require
• SSLVerifyDepth number
16
Apache configuration (cont.)
• CRL?– Definitely for static content– Otherwise, maybe
• SSLOptions– FakeBasicAuth– StrictRequire– OptRenegotiate– StdEnvVars
17
Apache configuration (cont.)
• SSLRequire
SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
18
Example Apache config
<VirtualHost 202.12.29.21:443 [2001:dc0:2001:0:4608:21::]:443>
ServerName my.apnic.net
ServerAdmin [email protected]
DocumentRoot /…/my.apnic.net/docs
ErrorLog /…/my.apnic.net/logs/error.log
CustomLog /…/my.apnic.net/logs/access.log common
ScriptAlias /cgi-bin/ /…/my.apnic.net/cgi/
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /…/my.apnic.net/logs/ssl_request.log \
"%t %h %{subjectdn}c %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" \
%b"
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
19
Example Apache config (cont.)
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM
SSLCertificateFile /…/my.apnic.net/conf/server.crt
SSLCACertificateFile /…/conf/ca.crt
SSLCertificateKeyFile /…/my.apnic.net/conf/server.key
# SSLCARevocationPath /…/my.apnic.net/conf/ssl.crl
SSLOptions +StdEnvVars +StrictRequire
SSLVerifyClient require
SSLVerifyDepth 1
</VirtualHost>
20
The application framework
.html
Header
Men
u
Component A
The MainProcessor
(.cgi)
1. Initialise
Page Descriptor Table• Template file• Components• Security Attributes
3. Read PDT
4. Load Components
5. Parse template & transmit
6. Process user input
Cor
e O
bjec
ts (
.pm
)
2. Read ST
Session Table• State• Component• User
Library
M
VC
Component B
Component Cauthenticate
authorise
21
Application configuration
• Authorisation
• Users
• Credentials ↔ User– More than one mapping?
22
Lessons learnt
• Use Distinguishing Name, not Serial– Serial is unique, but it changes on renewal– DN can be identical over renewal
• Who/what are you certifying and/or identifying?– What guarantees are you making, for what
purpose and to whom?
• Possibly use FakeBasicAuth
23
Future
• Segment certificates for different types of users– Different issuers– Different names
• Looser coupling between user identity and authorisation– Browsers don’t deal nicely with choosing
between certificates
24
Conclusion
• Increased security… maybe
• Very flexible
• Extra effort for operator and users– Processes– Education– Browser support
25
Questions?