Security+ All-In-One Edition Chapter 5 – Public Key Infrastructure

Transcript of Security+ All-In-One Edition Chapter 5 – Public Key Infrastructure

Page 1

Security+ All-In-One Edition

Chapter 5 – Public Key Infrastructure

Brian E. Brzezicki

Page 2

Public Key Infrastructure

So… Symmetric key (private key) encryption is fast and nice, but has what MAJOR problem?

Symmetric key encryption also doesn’t address integrity concerns ;(

Asymmetric key/public key encryption can be combined with symmetric key encryption to solve BOTH problems, but symmetric key encryption has what problem of its own?

Page 3

MiM (normal exchange)

Page 4

MiM Attack! (part 1)

Page 5

MiM Attack! (part 2)

Page 6

Public Key Infrastructure

Wouldn’t it be nice if we could distribute public keys AND be assured that the public key we received was the actual public key of the person we expect to talk to?

Page 7

PKI to the rescue!

Page 8

PKI (109)

PKIs are generally concerned with ensuring and managing identity trust, specifically using “digital certificates”.

• Provides all the components necessary for users to be able to communicate securely in a managed method.

• Includes hardware, software, policies, services, algorithms and protocols.

• Enables C and I of the CIA triad

• Enables non-repudiation

Page 9

PKIs how do they work? (110)

• In a PKI you are given a digital certificate, which contains your identity and a key (public key) people can use to encrypt data securely to you OR verify items that you have digitally signed!

• However we must have some way of ensuring that the digital certificate has not been “faked”, so we have an entity called a Certificate Authority (CA) that digitally signs your digital certificate, proving that the digital certificate is really yours!

– It is important that users trust the CA, otherwise there is no purpose!!!

The entire PKI structure relies upon the fact that the CA can be trusted! If the CA is compromised the whole PKI is useless.

(more)

Page 10

PKIs how do they work? (110)

• CAs are computer technology entities that issue/sign your digital certificates; however they rely on an entity to actually do a “background” check on you to prove you really are who you say you are before the CA will “vouch” for you. This “background” check entity is called a Registration Authority (RA).

The RA would take identifying information that proves I am who I say I am, such as

• Driver’s license

• Passport

• Birth Certificate

Once my identity is verified the RA will tell the CA to issue and sign a digital certificate for me.

(more)

Page 11

PKIs how do they work? (115)

• Once a digital certificate has been created and signed, it is stored in a “Certificate repository” which can be queried by users and applications in a PKI when someone wants to communicate with a user.

• These repositories are usually LDAP compliant databases.

Page 12

So what’s in a Digital Certificate? (120)

X.509 certificate standard

• X.509 Version Number

• Subject

• Public Key!!!

• Issuer (CA that vouched for you)

• Serial Number

• Validity dates

• Certificate Usage

• Signature Algorithm

• Extensions

Page 13

Let’s look at a digital Certificate together (n/b)

• Firefox – https://www.redhat.com

• Click on the yellow lock at the bottom

• In the pop-up click on “view certificate”

• What version is it?

• What’s the “Common Name”?

• Who is the Issuing Certificate Authority?

• When does the Certificate Expire?

• Why would a certificate expire?

(more)

Page 14

Let’s look at a digital Certificate together (n/b)

Now click on the details tab

• What is this “Certificate Hierarchy” stuff?

• Who signed the cert for www.redhat.com?

• Who signed the cert for that CA?

• This “vouching” for CAs is called a “certificate chain”

• If someone signed for someone else… who signed for them? When does this end? Let’s explore this…

Page 15

PKI hierarchy

PKI implementations are usually a hierarchy, where one CA signs another CA’s certificate.

• Parent/child relationship

• Top parent is called a root CA

• All others are called subordinate CAs

Visualization next slide

Page 16

PKI hierarchy (142)

Page 17

CA concerns (112)

• Every CA should have a Certification Practice Statement (CPS) which outlines

– How the RA verifies identities

– How the Certificates are transferred

– How keys are secured

– What data is in a Digital Certificate

– How revocations are handled… etc.

• Before using a 3rd party CA, you should understand and be comfortable with the CPS and the security controls they use. If the CA does not handle things securely… there is no point in using them.

Page 18

Advanced PKI concepts

Page 19

Types of Certificates

There are 3 main types of certificates

• End-entity certificates

– Given to end users or servers or applications

• CA certificates

– Given to CAs, can be signed by another CA or “self signed”

– What does it mean to be self signed, what does it imply?

(more)

Page 20

Types of Certificates (145)

• Cross-certification certificates

– When two companies want to trust each other, their root CAs may issue a certificate to the root CAs for each other, allowing a “peer to peer” trust model for CAs and allowing users in one organization to trust users in another.

Visualization next slide

Page 21

Cross Certification

Page 22

Web of Trust model

Page 23

Web of Trust model (n/b)

Web of Trust is a PKI with no central hierarchy, it’s literally a web. It’s like 6 degrees of separation.

• Bob vouches for Andy

• Sarah trusts Bob, so she trusts the identity of Andy

• Sarah vouches for Bob

• Steve trusts Sarah, therefore he trusts the identities of Bob, and Andy via Sarah…

• PGP uses web of trust

Page 24

Web of Trust

Page 25

Example PGP verification

Do an example of verifying the signature of ClamAV (pentest1).

Page 26

PGP verify

Page 27

Multiple Certificates (133)

Some PKIs use multiple certificates, and as such multiple public/private key pairs.

• One for digitally signing data

• One for encrypting data

Why would we want to have two different keys? (Hint: think key storage and non-repudiation)

Page 28

Certificate Renewals (125)

Certificates have a lifetime after which they expire.

Why?

When a certificate expires you have to renew it. You don’t have to go through the RA again. You just have to be able to sign a message with your old private key.

When renewing you can use the old public/private key pair or generate a new key pair. What is the advantage of generating a new pair?

Page 29

Certificate Revocation (126)

We have a wonderful system of distributing and verifying Digital Identities (certificates). But we may need to revoke a user’s digital Identity.

Why?

1. Hint – think encryption

2. Hint – think Human Resources

(more)

Page 30

Certificate Revocation (126)

The CA publishes a Certificate Revocation List.

• Certificate serial numbers that have been revoked

• Reason for revocation

• Date of revocation

• The CRL is digitally signed by the CA – why?

(more)

Page 31

Certificate Revocation (126)

• Client software must check the CRL before trusting a digital certificate

• Once a certificate is revoked, it cannot be “un-revoked”

• A certificate could be suspended (or put on hold); this also goes on the CRL, however a special “reason” of suspended is used.

• Suspended certificates MAY be un-suspended
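The relying-party checks described on the chain slides (pages 14–16) and the revocation slides (pages 29–31), as an added example that is not part of the slide deck. It uses the `cryptography` library to construct a sample two-level hierarchy (a root CA vouching for a server named www.example.test, a placeholder name) plus a root-signed CRL, then decides whether to trust the server certificate; a certificate with the right name but signed by some other key, the MiM case from pages 4–5, is refused because the CA’s signature does not verify.

```python
import datetime as dt
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec

NOW = dt.datetime.now(dt.timezone.utc).replace(microsecond=0)
HOUR, DAY = dt.timedelta(hours=1), dt.timedelta(days=1)


def issue(cn, pub, issuer_cert, issuer_key, is_ca, serial):
    """issuer_key vouches for (cn, pub); issuer_cert=None yields a self-signed root."""
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    return (x509.CertificateBuilder().subject_name(subject)
            .issuer_name(issuer_cert.subject if issuer_cert else subject)
            .public_key(pub).serial_number(serial)
            .not_valid_before(NOW - HOUR).not_valid_after(NOW + DAY)
            .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
            .sign(issuer_key, hashes.SHA256()))


def build_pki(revoke_leaf):
    """Constructed sample hierarchy: a root CA, a server cert it signed, and the root's signed CRL."""
    root_key, leaf_key = ec.generate_private_key(ec.SECP256R1()), ec.generate_private_key(ec.SECP256R1())
    root = issue("Sample Root CA", root_key.public_key(), None, root_key, True, 1)
    leaf = issue("www.example.test", leaf_key.public_key(), root, root_key, False, 2)
    crl = (x509.CertificateRevocationListBuilder().issuer_name(root.subject)
           .last_update(NOW).next_update(NOW + HOUR))
    if revoke_leaf:  # a CRL entry is the revoked serial number plus the revocation date
        crl = crl.add_revoked_certificate(x509.RevokedCertificateBuilder()
                                          .serial_number(leaf.serial_number).revocation_date(NOW).build())
    return root, leaf, crl.sign(root_key, hashes.SHA256())


def trust(root, leaf, crl):
    """Relying-party decision for one link of the chain: 'trusted' or the reason for refusing."""
    if leaf.issuer != root.subject:
        return "issuer is not our trusted CA"
    if not root.extensions.get_extension_for_class(x509.BasicConstraints).value.ca:
        return "issuer certificate is not a CA certificate"
    try:  # the CA's signature over the to-be-signed bytes is what makes the vouching real
        root.public_key().verify(leaf.signature, leaf.tbs_certificate_bytes, ec.ECDSA(leaf.signature_hash_algorithm))
    except InvalidSignature:
        return "CA signature does not verify"
    if not leaf.not_valid_before <= NOW.replace(tzinfo=None) <= leaf.not_valid_after:
        return "outside validity period"
    if not crl.is_signature_valid(root.public_key()):  # an unsigned CRL could be forged by anyone
        return "CRL is not signed by the CA"
    if crl.get_revoked_certificate_by_serial_number(leaf.serial_number) is not None:
        return "revoked"
    return "trusted"
```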

Page 32

OCSP (129)

Online Certificate Status Protocol – a client/server model, where a client program actually queries a server to see if someone’s certificate is valid. This way the client does not need to know how to find the CRL for the given Certificate Authority and doesn’t have to actually search through the CRLs.

Be aware of this term for the exam.

Page 33

Key Recovery (133)

When an organization uses encryption to protect data, we must also protect the keys. For example if Bob encrypts all his work and then quits, we need to be able to retrieve his private key to decrypt his work!

• This is called “key archiving”

• Only backup the encryption private key in a multi-certificate system – why?

• Need to ensure the safety of these backups

• Use dual controls (m of n) concept to protect keys – explain

(more)

Page 34

Key Recovery (133)

• No need to back up public keys.

• The process of using backup keys is called key recovery.

• Key recovery should be highly audited!
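One concrete way to implement the m-of-n dual control mentioned on page 33 for the archived encryption key, as an added example that is not from the slides: Shamir secret sharing over a prime field, splitting the key among n recovery agents so that any m of them can reconstruct it while fewer than m learn nothing about it. Standard library only; the 32-byte key and the 3-of-5 split in the demo are constructed sample values.

```python
import secrets

# Field modulus: the Mersenne prime 2**521 - 1 holds any key of up to 64 bytes as one field element.
PRIME = 2**521 - 1


def _poly(coeffs, x):
    """Evaluate the polynomial with the given coefficients at x, modulo PRIME."""
    return sum(c * pow(x, i, PRIME) for i, c in enumerate(coeffs)) % PRIME


def split_key(key: bytes, m: int, n: int):
    """Split an archived key into n shares so that any m rebuild it and fewer reveal nothing.

    The key is the constant term of a random degree m-1 polynomial; recovery agent i holds (i, f(i))."""
    if not 1 < m <= n:
        raise ValueError("need 1 < m <= n")
    secret = int.from_bytes(key, "big")
    if secret >= PRIME:
        raise ValueError("key too large for the field")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(m - 1)]
    return [(x, _poly(coeffs, x)) for x in range(1, n + 1)]


def recover_key(shares, key_len: int) -> bytes:
    """Lagrange-interpolate f(0) from the shares the agents present.

    With at least m distinct shares this is the key; with fewer the point is a random field
    element, which almost surely does not fit in key_len bytes and is rejected."""
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * -xj % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    if total.bit_length() > 8 * key_len:
        raise ValueError("too few or mismatched shares: no key recovered")
    return total.to_bytes(key_len, "big")


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed sample: the archived encryption private key
    shares = split_key(key, 3, 5)  # five recovery agents, any three must be present
    assert recover_key(shares[1:4], 32) == key
```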

Page 35

Key Escrow (135)

Like key archiving, but uses a third party to store your keys.

The Clipper chip was a type of key escrow.

Page 36

Certificate Extensions (123)

Allow for further information to be inserted within a digital certificate

• Introduced in X.509 v3

• Important extension is “key usage” – which defines what the public key may be used for

– Ex. Use for S/MIME email, or for code signing

Page 37

Critical Extensions (124)

Extensions are marked “critical” or “non-critical” by a flag within the certificate. When the critical flag is set and your software does NOT know how to understand and process the extension, the certificate must NOT be used! Understand this for the exam.

Page 38

PKI concerns

• What happens if my CA is compromised?

• What happens if your Certificate repository is compromised?

• What happens if someone gets my digital certificate?

• A Digital Certificate contains a user’s public key. Why?

• Does it make sense to put a private key in a Digital Certificate?

Page 39

PKI concerns

• Remember PKI requires public keys (in the certificate) and private keys (kept private to a user). Often private keys are kept in storage on a hard drive, or on a removable drive (USB key)

• What are some concerns and countermeasures dealing with private key storage?

• Extended Validation Digital Certificates

Page 40

PKI review questions

Q. What is a digital certificate generally analogous to?

Q. What are the two most important pieces of info in a digital certificate?

Q. Why would you use multiple certificates?

Q. If you have 100 users, in a 2 certificate model (encryption & signing) how many total keys do you have?

Page 41

PKI review

Q. What is key escrow?

Q. How do I validate the identity of a certificate that someone has given me? When does the validation chain end?

Q. In what version of X.509 were extensions added?

Q. My certificate has been revoked, how do I “un-revoke it”?