An Introduction to Public Key Infrastructure PKI - PowerPoint PPT Presentation

1

Security: PKI, SSL, Akenti, Globus
Akenti - Abdelilah Essiari, Srilekha Mudumbai, Mary Thompson
Globus Security - Steve Tuecke, Von Welch
SSL, Credential delegation - Keith Jackson

2
Public Key Infrastructure
  • Provides a uniform way for different
    organizations to identify people or other
    entities through X.509 identity certificates
    containing public keys.
  • These certificates and keys can be used through
    secured connections (SSL) to positively
    establish the identity of the entities on the
    connection.
  • The keys can be used to provide digital
    signatures on documents. The authors and
    contents of signed documents can be verified at
    the time of use.

3
Elements of PKI
  • Certificate Authorities (CA)
      • OpenSSL, Netscape, Verisign, Entrust, RSA Keon
  • Public/Private Key Pairs - key management
  • X.509 Identity Certificates - certificate
    management
  • LDAP servers

4
X.509 Identity Certificates
  • Distinguished Name of user
      • C=US, O=Lawrence Berkeley National Laboratory,
        OU=DSD, CN=Mary R. Thompson (traditional)
      • DC=org, DC=doesciencegrid, CN=Mary R. Thompson
        d3587 (new)
  • DN of Issuer
      • DC=org, DC=doesciencegrid, CN=DOESG CA
  • Validity dates
      • Not before <date>, Not after <date>
  • User's public key
  • V3 extensions
  • Signed by CA
  • Defined in ASN.1 notation - language independent

5
Certificate Authority
  • A trusted third party - must be a secure server
  • Signs and publishes X.509 identity certificates
  • Revokes certificates and publishes a
    Certificate Revocation List (CRL)
  • Many vendors
      • OpenSSL - open source, very simple
      • Netscape - free for a limited number of
        certificates
      • Entrust - can be run by the enterprise or by Entrust
      • Verisign - run by Verisign under contract to the
        enterprise
      • RSA Security - Keon servers

6
LDAP server
  • Lightweight Directory Access Protocol (IETF
    standard)
  • Evolved from DAP and X.500 identities
  • Used by CAs to store users' identity certificates
  • Open source implementations
  • Standard protocol for lookup, entry, etc.
  • Access control is implemented by user name and
    password or by certificates

7
SSL - OpenSSL
  • Secure message passing protocol
  • Developed by Netscape, now an IETF RFC (TLS, Jan
    '99)
  • Protocol for using one or two public/private
    keys
      • to authenticate a server to a client
      • and, by requiring a client key, to authenticate
        the client to the server
      • to establish a shared symmetric key (the session key)
      • to encrypt or MAC all data sent over the secure
        channel with the session key
  • Gives you authentication, message integrity and
    confidentiality
  • Everything except authorization

8
SSL Handshake
  • Negotiate the cipher suite
  • Establish a shared session key
  • Authenticate the server (optional)
  • Authenticate the client (optional)
  • Authenticate previously exchanged data

9
SSL handshake details
  • Client hello
      • Client challenge, client nonce
      • Available cipher suites (e.g. RSA RC4/40 MD5)
  • Server hello
      • Server certificate, server nonce
      • Connection ID
      • Selected cipher suite
  • Server adapts to client capabilities
  • Optional certificate exchange to authenticate
    server/client
  • Commercial sites only use server authentication

10
SSL Handshake - details
[Diagram: message flow between Client (left) and Server (right); the bracketed items are what each arrow carries]
  Client: generate challenge, define protocols
    -> [Challenge, encryption protocols]
  Server: return server certificate, generate connection
    ID, confirm protocols
    -> [Server cert, connection ID, encryption protocols]
  Client: verify server certificate; generate pre-master
    session key; encrypt it with the server's public key;
    master secret = hash(pre-master secret, previous
    messages); generate client read/write key pairs
    -> [pre-master session key, encrypted with the
    server's public key]
  Server: decrypt pre-master session key; master secret =
    hash(pre-master secret, previous messages); generate
    server read/write key pairs; encrypt random challenge
    phrase
    -> [Client's challenge, encrypted with the server
    write key]
  Client: decrypt and verify challenge phrase
11
SSL Handshake
Client Authentication
[Diagram: client authentication message flow between Client (left) and Server (right)]
  Server: generate new challenge, request client certificate
    -> [Challenge phrase, encrypted with the server write key]
  Client: decrypt challenge; calculate message digest on
    the challenge and the server certificate
    -> [Message digest and client certificate, signed with
    the client's private key]
  Server: decrypt message digest and client certificate;
    verify client certificate and recompute message digest
    -> [Done (session identifier), encrypted with the
    server's write key]
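To make the flow on slides 8 through 11 concrete, here is an added example that is not part of the original presentation: a single-process Python model of the server-authenticated handshake, using only the standard library. Everything in it is an assumption made for illustration: a textbook RSA key pair (Miller-Rabin key generation, no padding) stands in for the server certificate, SHA-256 and HMAC stand in for the MD5/SHA hashes and MAC of SSL v3, the message layouts are invented, and the client-authentication exchange of slide 11 is left out. What it does show is the part the slides stress: the pre-master secret travels encrypted under the server's public key, each side derives the same master secret from hash(pre-master secret, previous messages), separate client-write and server-write keys come out of it, and a MAC over the transcript lets each peer authenticate the previously exchanged data.

```python
import hashlib
import hmac
import secrets

PRE_MASTER_LEN = 48  # size of the client's pre-master secret (constructed choice)

# Textbook RSA, constructed for this walk-through only: no padding, not for real use.
def _is_probable_prime(n: int, rounds: int = 20) -> bool:
    """Miller-Rabin probable-prime test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # top bit set, odd
        if _is_probable_prime(cand):
            return cand

def make_rsa_keypair(bits: int = 512):
    """Return ((n, e), (n, d)); the public half stands in for the server certificate."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))

def rsa_encrypt(pub, msg: bytes) -> int:
    n, e = pub
    m = int.from_bytes(msg, "big")
    if m >= n:
        raise ValueError("message too large for the modulus")
    return pow(m, e, n)

def rsa_decrypt(priv, cipher: int, length: int) -> bytes:
    n, d = priv
    return pow(cipher, d, n).to_bytes(length, "big")

def derive_master_secret(pre_master: bytes, handshake_hash: bytes) -> bytes:
    """master secret = hash(pre-master secret, previous messages), as on slide 10."""
    return hashlib.sha256(pre_master + handshake_hash).digest()

def derive_write_keys(master: bytes, client_nonce: bytes, server_nonce: bytes):
    """Distinct client-write and server-write keys, bound to both nonces."""
    salt = client_nonce + server_nonce
    return tuple(hmac.new(master, label + salt, hashlib.sha256).digest()
                 for label in (b"client write", b"server write"))

def mac_record(key: bytes, data: bytes) -> bytes:
    """MAC over application data under the sender's write key (slide 7)."""
    return hmac.new(key, data, hashlib.sha256).digest()

def verify_record(key: bytes, data: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_record(key, data), tag)

def run_handshake(server_keypair=None) -> dict:
    """Run both sides in one process; return what each side derived and verified."""
    server_pub, server_priv = server_keypair or make_rsa_keypair()
    transcript = []  # every handshake message, in order, as both sides see them
    # 1. ClientHello: client nonce (the "challenge") and offered cipher suites (slide 9)
    client_nonce = secrets.token_bytes(32)
    transcript.append(b"ClientHello|" + client_nonce + b"|RSA-AES128-SHA256")
    # 2. ServerHello: server nonce, connection ID, selected suite, server certificate (public key)
    server_nonce, conn_id = secrets.token_bytes(32), secrets.token_bytes(16)
    n, e = server_pub
    transcript.append(b"ServerHello|" + server_nonce + conn_id + n.to_bytes(64, "big") + e.to_bytes(3, "big"))
    # 3. ClientKeyExchange: pre-master secret encrypted with the server's public key (slide 10)
    pre_master = secrets.token_bytes(PRE_MASTER_LEN)
    enc_pms = rsa_encrypt(server_pub, pre_master)
    transcript.append(b"ClientKeyExchange|" + enc_pms.to_bytes(64, "big"))
    handshake_hash = hashlib.sha256(b"".join(transcript)).digest()
    # Each side derives the master secret and the read/write keys on its own
    client_master = derive_master_secret(pre_master, handshake_hash)
    server_master = derive_master_secret(rsa_decrypt(server_priv, enc_pms, PRE_MASTER_LEN), handshake_hash)
    c_write, s_write_at_client = derive_write_keys(client_master, client_nonce, server_nonce)
    c_write_at_server, s_write = derive_write_keys(server_master, client_nonce, server_nonce)
    # 4. Finished: each side MACs the transcript so the peer can authenticate the exchanged data (slide 8)
    client_fin = mac_record(c_write, b"client finished" + handshake_hash)
    server_fin = mac_record(s_write, b"server finished" + handshake_hash)
    return {
        "client_master": client_master, "server_master": server_master,
        "client_write_key": c_write, "server_write_key": s_write,
        "server_verified_client": verify_record(c_write_at_server, b"client finished" + handshake_hash, client_fin),
        "client_verified_server": verify_record(s_write_at_client, b"server finished" + handshake_hash, server_fin),
    }
```

Running `run_handshake()` returns matching master secrets on both sides and two successful Finished checks; because the write keys differ per direction, a record MAC'd under the client's key does not verify under the server's, and any change to the data fails verification, which is the integrity guarantee slide 7 describes.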
12
openssl command
  • Part of the openssl or globus installation
      • /usr/local/globus-2.0/bin/openssl
  • Provides commands to view, create and extract
    fields of
      • X.509 credentials
      • X.509 credential requests (PKCS 10)
      • PKCS 12 files
      • Private keys (PKCS 8, RSA, DSA)
  • Sign X.509 certificates
  • Parse ASN.1
  • openssl help gives a list of the commands
  • openssl x509 -h gives a list of options for an
    X.509 cert

13
Public Key Cryptography Standards - PKCS
  • PKCS 7
      • Cryptographic Message Syntax Standard
  • PKCS 10
      • Certification Request Syntax Standard - used by
        Netscape browser, IE, and SSL libraries
  • PKCS 11
      • Cryptographic Token Interface Standard - an API
        for signing and verifying data by a device that
        holds the key
  • PKCS 12
      • Personal Information Exchange Syntax Standard -
        file format for storing a certificate and private
        key - used to move private information between
        browsers

14
Akenti Motivation
  • Widely distributed computing environments,
    collaborative research environments
  • Resources, stakeholders and users are all
    distributed
  • Spanning organizational as well as geographical
    boundaries, e.g., DOE Collaboratories
  • Requires a flexible and secure way for
    stakeholders to remotely specify access control
    for their resources
  • Requires a flexible but secure way to identify
    users and their attributes

15
Akenti Goals
  • Access based on policy statements made by
    stakeholders
  • Handle multiple independent stakeholders for a
    single resource
  • Use Public Key Infrastructure standards to
    identify users and create digitally signed
    certificates
  • Emphasize usability

16
Approach
  • Emphasize usability features
  • Public Key Infrastructure (PKI) facilitates
  • digitally signed documents for user Identity
    (X.509)
  • digitally signed documents for policy
    (UseConditions)
  • digitally signed documents for user attributes
  • Flexible Architecture

17
Emphasis on usability
  • Usability is critical
  • Policy and attributes must be easy for
    stakeholders to generate
  • Authorized users must gain access easily
  • Non-authorized users must be strongly rejected.
  • Akenti certificate generators provide a user
    friendly interface for stakeholders to specify
    the use constraints for their resources.
  • User or stakeholder can see a static view of the
    policy that controls the use of a resource.
  • Akenti Monitor applet provides a Web interface
    for a user to check his access to a resource to
    see why it succeeded or failed.

18
Certificate Management
  • Users need to generate signed certificates and
    store them in Web accessible places
  • Akenti needs to know where to search for
    certificates
  • Once a certificate is found, Akenti will cache it
    for a time not to exceed that specified by the
    stakeholder.

19
Akenti Authorization
  • Minimal local policy files (authorization files):
    who to trust, where to look for certificates.
  • Based on the following digitally signed
    certificates
      • X.509 certificates for user identity and
        authentication
      • UseCondition certificates containing stakeholder
        policy
      • Attribute certificates in which a trusted party
        attests that a user possesses some attribute,
        e.g. training, group membership
  • Can be called from any application that has an
    authenticated user's identity certificate and a
    unique resource name, to return that user's
    privileges with respect to the resource.

20
Akenti Server Architecture
[Diagram: Akenti server architecture. A client presents its
 identity (X.509) certificate to a resource server (Web,
 database or file server), which passes the user's DN to
 Akenti. Akenti, with its Cache Manager and Log Server,
 fetches identity certificates and use-condition or
 attribute certificates over the Internet from certificate
 servers such as LDAP and Web servers.]
21

Akenti Certificate Management
[Diagram: Akenti certificate management. Stakeholders S1-S4
 use the Certificate Generator to create certificates
 C1(S1)-C4(S4), which are stored on Certificate Servers.
 Akenti locates them through a Hash Generator, searching
 by resource name, user DN, and attribute.]
22
Required Infrastructure
  • Certificate Authority to issue identity
    certificates (required)
      • openssl provides a simple CA for testing
      • Netscape CA - moderate cost and effort
      • Enterprise solutions - Entrust, Verisign
  • Method to check for revocation of identity
    certificates (required)
      • LDAP server - free from Univ. of Michigan, or comes
        with Netscape CA
      • Certificate Revocation Lists - supported by most
        CAs
  • Network accessible ways for stakeholders to store
    their certificates (optional)
      • Web servers
      • LDAP servers

23
Vulnerabilities
  • Primarily denial of service.
  • Distributed certificates might not be available
    when needed.
  • Independent stakeholders may create a policy that
    is inconsistent with what they intend. Easy to
    deny all access.

24
Generic Security Service
  • Implements authenticated connections between
    peers and integrity-checks and encrypts messages
    independent of the type of credential, e.g.
    Kerberos or X.509 cert.
  • RFC 2078 - GSS-API version 2, Jan 1997, J. Linn
  • RFC 2744 - GSS-API version 2 C bindings, Jan 2000,
    J. Wray
  • acquire_cred
  • init_sec_context - initiate a security context
    with a peer application
  • accept_sec_context - accept a security context
    from a peer
  • export_sec_context - hand a context to another process
  • getMIC/verifyMIC
  • gss_wrap/unwrap - add MIC and maybe encrypt the
    contents of a message

25
Globus Security Infrastructure
  • Implements the GSS-API using X.509 certificates
    as the credential
  • GSS-assist library provides a simpler interface
      • http://www.globus.org/security/gss_assist.html
      • acquire_cred
      • init_context, accept_context
  • Has an option to let the application do authorization,
    e.g. check grid-mapfile
  • This is done for you by the Globus I/O library.
  • http://www.globus.org/security/

26
Globus Certificate Management
  • CA signing policy
      • /etc/grid-security/certificates/ca-signing-policy.conf
      • For each acceptable CA, gives a list of the DNs
        that it can sign for.
  • mapfile - /etc/grid-security/grid-mapfile
      • For each allowed user, maps between DN and local
        userid
  • User credentials
      • My X.509 certificate - $HOME/.globus/usercert.pem
      • My private key - $HOME/.globus/userkey.pem, mode
        400
  • grid-proxy-init creates a delegated credential
    from $HOME/.globus/usercert.pem and puts it in
    /tmp/x509up_uuid
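The two Globus files above (the CA signing policy and the grid-mapfile) are where the DN forms from slide 4 are actually consumed. The following added example, written for this page and not taken from Globus or Akenti, parses both files and makes the two-step decision the slides describe: is the certificate's issuer a CA allowed to sign this subject, and is the subject DN listed in the grid-mapfile. The sample file contents are constructed (the DNs are adapted from slide 4, the local userids are invented), and the reading of the signing-policy format (an `access_id_CA` line naming the CA, followed by `cond_subjects` globs for the namespace it may sign) is a simplified assumption, not the full Globus grammar. `parse_dn` accepts both the comma form on slide 4 and the slash form used in these files so the two compare equal.

```python
import fnmatch
import shlex

# Constructed sample grid-mapfile: a quoted DN, then comma-separated local userids,
# the first of which is the default mapping.  DNs follow the forms shown on slide 4.
SAMPLE_GRID_MAPFILE = """\
# /etc/grid-security/grid-mapfile (constructed example)
"/DC=org/DC=doesciencegrid/CN=Mary R. Thompson d3587" mthompson,dsdadmin
"/C=US/O=Example Lab/OU=DSD/CN=Alice Example" alice
"""

# Constructed sample ca-signing-policy.conf (simplified reading of the Globus layout):
# each trusted CA (access_id_CA) may only sign subjects matching its cond_subjects globs.
SAMPLE_SIGNING_POLICY = """\
# /etc/grid-security/certificates/ca-signing-policy.conf (constructed example)
access_id_CA   X509  '/DC=org/DC=doesciencegrid/CN=DOESG CA'
pos_rights     globus CA:sign
cond_subjects  globus '"/DC=org/DC=doesciencegrid/*"'
"""

def parse_dn(dn: str) -> tuple:
    """Normalise a DN written in comma form ('C=US, O=...') or slash form
    ('/C=US/O=...') into a tuple of (ATTR, value) pairs so the two compare equal."""
    parts = dn[1:].split("/") if dn.startswith("/") else dn.split(",")
    rdns = []
    for part in parts:
        if not part.strip():
            continue
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN {part!r} in {dn!r}")
        rdns.append((attr.strip().upper(), value.strip()))
    return tuple(rdns)

def slash_dn(rdns: tuple) -> str:
    """Render an RDN tuple in the slash form used by grid-mapfile and signing policies."""
    return "".join(f"/{attr}={value}" for attr, value in rdns)

def parse_grid_mapfile(text: str) -> dict:
    """Map each DN (as an RDN tuple) to its list of local userids."""
    mapping = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = shlex.split(line)  # keeps the quoted DN together as one field
        if len(fields) != 2:
            raise ValueError(f"bad grid-mapfile line: {line!r}")
        mapping[parse_dn(fields[0])] = fields[1].split(",")
    return mapping

def local_user_for(mapping: dict, dn: str):
    """Default local userid for dn, or None when the DN is not in the mapfile."""
    users = mapping.get(parse_dn(dn))
    return users[0] if users else None

def parse_signing_policy(text: str) -> dict:
    """Map each trusted CA DN (as an RDN tuple) to the subject globs it may sign."""
    policy, current_ca = {}, None
    for line in text.splitlines():
        fields = shlex.split(line, comments=True)
        if not fields:
            continue
        key, *rest = fields
        if key == "access_id_CA" and len(rest) == 2 and rest[0] == "X509":
            current_ca = parse_dn(rest[1])
            policy.setdefault(current_ca, [])
        elif key == "cond_subjects" and current_ca is not None and len(rest) == 2:
            policy[current_ca].extend(shlex.split(rest[1]))  # the inner quoted globs
    return policy

def ca_may_sign(policy: dict, issuer_dn: str, subject_dn: str) -> bool:
    """True if issuer_dn is a trusted CA and subject_dn falls inside its namespace."""
    globs = policy.get(parse_dn(issuer_dn), [])
    subject = slash_dn(parse_dn(subject_dn))
    return any(fnmatch.fnmatchcase(subject, glob) for glob in globs)

def authorize(mapping: dict, policy: dict, issuer_dn: str, subject_dn: str):
    """Globus-style decision: the issuer must be allowed to sign the subject, and the
    subject must appear in the grid-mapfile.  Returns the local userid or None."""
    if not ca_may_sign(policy, issuer_dn, subject_dn):
        return None
    return local_user_for(mapping, subject_dn)
```

A subject outside the CA's namespace is refused even if it is in the mapfile, and a subject signed by an unknown CA is refused even when its DN is listed; both checks fail closed by returning None, which is the behaviour a resource server should rely on before mapping a grid identity to a local account.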

27
References
  • Peter Gutmann's tutorial
      • http://www.cs.auckland.ac.nz/~pgut001/tutorial/
        about 500 slides covering cryptography, secure
        connection protocols, PKI, politics and more.
  • RSA Laboratories PKCS specifications
      • http://www.rsasecurity.com/rsalabs/pkcs/
  • SSL/TLS
      • TLS v1.0 RFC - http://www.ietf.org/rfc/rfc2246.txt
      • SSL v3 - http://www.netscape.com/eng/ssl3/draft302.txt
      • OpenSSL - http://www.openssl.org/

28
References (cont)
  • ESnet's PKI - http://envisage.es.net/
  • Akenti - http://www-itg.lbl.gov/Akenti/
  • Globus security - http://www.globus.org/security/