
Smart Grid Cybersecurity Committee

July 28, 2017


2017 Technical Program

Smart Grid Cybersecurity Committee (SGCC)

Working Group Meeting


GridSummit.org

Antitrust Guidelines for SEPA Meetings & Conferences

• SEPA'S MISSION – is to facilitate the utility industry’s smart transition to a clean energy future through education, research, standards, and collaboration.

• YOUR ROLE AT SEPA MEETINGS AND CONFERENCES – varies based on what you are attending, but could include sharing information with and learning from peers, potential partners, and industry experts and/or to provide guidance to SEPA on its activities. Consult with your company counsel if at any time you believe discussions are touching on sensitive antitrust subjects such as pricing, bids, allocation of customers or territories, boycotts, tying arrangements and the like.

• DO NOT DISCUSS – pricing, price terms, such as, for example, discount and credit policies, promotions, or product category pricing levels and industry pricing levels, production capacity, or cost information which is not publicly available; confidential market strategies or business plans; or other competitively sensitive information. Do not disparage suppliers and/or competitors of SEPA and/or SEPA Members and participants.

• BE ACCURATE, OBJECTIVE, AND FACTUAL – in any discussions of goods and services offered in the market by others, including your competitors, suppliers, and customers.

• SEPA DOES NOT RECOMMEND – the use of particular vendors, contractors or consultants. SEPA will not promote or endorse commercial products or services of third parties. You must draw your own conclusions and make your own choices independently.

• DO NOT AGREE WITH OTHERS – to discriminate against or refuse to deal with (i.e., "boycott") a supplier; or to do business only on certain terms and conditions; or to set price, divide markets, or allocate customers.

• PLEASE BE AWARE – that an agreement regarding price need not relate to a specific price, but may relate to levels, discounts policy, allowance policy, and other terms affecting price levels or movements and may be inferred from a discussion and ensuing conduct.

• DO NOT TRY TO INFLUENCE – or advise others on their business decisions, and do not discuss yours (except to the extent that they are already public).

• ASK – for advice from your own legal department, if you have questions about any aspect of these guidelines or about a particular situation or activity at SEPA; or ask the responsible SEPA manager to contact SEPA's Legal Counsel.

The antitrust laws and other business laws apply to SEPA, its members, funders, and advisers; violations can lead to civil and criminal liability. SEPA is committed to full compliance, as well as to maintaining the highest ethical standards in all of our operations and activities.

These guidelines apply to all occasions: before, during, and after SEPA meetings and conferences, including in the hallways, over lunch, cocktails and at dinner.


Agenda

Working Group Updates

• SGCC Cyber-Physical Resiliency Subgroup Presentation
  • Chair: Dr. Elizabeth Sisley, Calm Sunrise Consulting, LLC
  • Vice Chair: Dr. Michael Cohen, MITRE Corp.
• OpenFMB™ Cybersecurity
  • Aaron Smallwood, Director – Technology, SEPA

SGCC Leadership

Presentation: Public Key Infrastructure (PKI)

• PKI: All the Facts You Wanted to Know and Were Afraid to Ask
  • Presentation by William T. Polk, Group Manager for Cryptographic Technology Group, National Institute of Standards and Technology (NIST)


Cyber-Physical Resiliency

Chair: Dr. Elizabeth Sisley

Vice-Chair: Dr. Michael Cohen


Cyber-Physical Resiliency

Why SGCC (Smart Grid Cybersecurity Committee) and GAWG (Grid Architecture Working Group) both Sponsor Resiliency

• The Smart Grid needs not only sound architecture for functionality and cybersecurity for security, but also resilience to satisfy its high operational availability requirements.

• There are existing best practices and tools (and an opportunity to identify any gaps), that could be more widely used across system(s) lifecycle, to address the need for Cyber-Physical Resiliency.

[Figure: Architecture/Engineering, Cybersecurity, Cyber-Physical Resiliency]


What Problem Do We Have?

• Takeaway: The electric system is, for better or worse, of such size and complexity of:
  • Stakeholders
  • Decision-makers
  • Changing Technologies

  … that it will not stand still to be designed like a single system-of-systems, nor will there be a person or group of people charged with designing it as such.

• Resilience implies adaptability to change and improvement.

• It must also continue to operate in providing electricity while being under stress, attack, and upgrade.

E.g., continue to deliver electricity while a sophisticated adversary is inside the system.


Resiliency Definitions

The term "resilience" means the ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions. Resilience includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents.

Traditionally this is Architecture/Engineering

The terms "secure" and "security" refer to reducing the risk to critical infrastructure by physical means or defensive cyber measures to intrusions, attacks, or the effects of natural or manmade disasters.

Traditionally this is Cybersecurity

Both Architecture/Engineering and Security are Necessary

Presidential Policy Directive 21 – Critical Infrastructure Security and Resilience


Deliverables

• Phase 1 (launched Sept 29th):

• Catalog/Repository

• Identify Published Best Practices

• Inclusion Criteria

• Architecture/Engineering

• Cybersecurity

• Exclusion Criteria

• Webinar March 21st: registered 207, attended 95

• Will publish via SEPA process

• Phase 2 (just launching):

• Task 1: Identification of Smart Grid Resiliency Gaps

• Task 2: Prepare Resiliency Gap Filler Supplement to NISTIR 7628 Rev.1

Red text – update from Tuesday’s Grid Architecture Working Group


Inclusion Criteria: Lifecycle

• Focuses on resilience that is designed and engineered into the Cyber-Physical System (CPS) itself

• Designs the CPS to use evolving technologies, such as predictive self-healing, to allow systems to automatically fix themselves

• Designs the CPS to gracefully shut down, and implement fault tolerance mechanisms

• Designs the CPS to operate in degraded or alternative modes of operation, and recovery.

• Lessens the reliance of the CPS on external dependencies or mitigates the impacts of the loss of those dependencies


Architecture/Engineering: Inclusion Criteria

• Describes employment of all resilience strategies during CPS design and operations such as:

Eliminating single points of failure and designing for fault tolerance

Utilizing redundancy and diversity/heterogeneity

Includes the use of analog or manual backups

Design for Graceful Degradation


Cybersecurity: Inclusion Criteria

• Describes employment of all resilience strategies during CPS design and operations such as:

NIST Framework functions: Identify, Protect, Detect, Respond, and Recover

Anticipate, continue to operate correctly in the face of, recover from, and evolve to better adapt to advanced cyber threats

Malware and forensic analysis

Technical defense-in-depth

Dynamic threat modeling


Exclusion Criteria

• Focuses exclusively on traditional IT Cybersecurity, addressed by e.g. NIST 800-53 Rev 4, etc.

• Focuses exclusively on traditional physical security external to the system, e.g., guns, gates, and guards

• Focuses on IT supply chain risk management, addressed by e.g. NIST 800-161, NERC-013, etc.

• Focuses on external (to the CPS) organizational continuity of operations/disaster recovery processes and procedures.

Reference them as related processes, such as Disaster Recovery Institute Best Practices, NIST 800-34, enterprise risk management manuals SP-800-30, -35 & -37, etc.


20+ List of Candidate Best Practices

• Systems Engineering – INCOSE.org worldwide education: BS, MS, Ph.D.

• Systems Security Engineering An Integrated Approach to Building Trustworthy Resilient Systems

• Cyber-Physical Systems Framework

• NISTIR 7628 Rev 1

• Cyber Resiliency Engineering Aid-The Updated Cyber Resiliency Engineering Framework and Guidance on Applying Cyber Resiliency Techniques

• CREDC: Cyber Resilient Energy Delivery Consortium

• IIC Security Framework

• Named Data Networks (NDN) and its applicability to critical and challenged networks

• MITRE-Developed Cyber Security and Resiliency Assessment Tools

• Intelligence Preparation for Operational Resilience (IPOR)

• CERT® Resilience Management Model (RMM) v1.1: Code of Practice Crosswalk

• CRR NIST Framework Crosswalk Cross-reference chart for how the NIST Cybersecurity Framework aligns to the Cyber Resilience Review (CRR)

• IEC TC57 WG15 - IEC 62351-12 Resilience and security for power systems with Distributed Energy Resources (DER)

• Stanford Seminar - Engineering Cyber Resiliency: A Pragmatic Approach - (references to power grid & tool)

• Cybersecurity Procurement Language for Energy Delivery Systems

• And more!


Catalog/Repository

Attributes

1. Item Name (short)

2. Item Full Title

3. URL

4. Linked to Industry Standards

5. Content Owner

6. Education: webinars, training/classes, degrees, etc.

7. Applicability to What Grid Domains

8. Classify as Specify, Design, Build (Re-Engineer), Operate

9. Short Description

10. Attribute indicating whether the item contains Cybersecurity, or Architectural, or Both, specific to addressing resiliency and its cousins e.g. availability, reliability, fault-tolerance, etc.

11. Context (specific technique, set of processes, framework, tool, etc.)

12. Maturity / Industry Acceptance Level of this Technique. (To show history include origination date and date of last modification)

13. Attribute indicating whether the item contains Cybersecurity, or Architecture, or Both specific to addressing resiliency and its cousins e.g. availability, reliability, fault-tolerance, etc.

Etc.


Phase 2 (just launching)

• Task 1: Identification of Smart Grid Resiliency Gaps

• Task 2: Prepare SEPA Resiliency [Gap Filler] Supplement to NISTIR 7628 Rev.1

• NOTE: Call for Participation

• Details during Friday’s 1:00-3:00 Smart Grid Cybersecurity Committee (SGCC) meeting


Phase 2: Proposed Tasks

Task 1: Identification of Smart Grid Resiliency Gaps

Cross-Walk Between NISTIR 7628r1 and Resiliency Controls

• Identify resiliency gaps that currently exist in NISTIR 7628 Rev1.

Objective: Enable Smart Grid resilience as well as Cybersecurity

NISTIR 7628 Rev.1 MAPPING to Resiliency Best Practices

Columns: NISTIR 7628, Rev. 1 High-Level Security Requirements; Resiliency Best Practice: Systems Security Engineering: Appendix H; Resiliency Best Practice: Cyber-Physical Systems Framework; Resiliency Best Practice: Cyber Resiliency Engineering Aid

Access Control (SG.AC)

SG.AC-1 Access Control Policy and Procedures
SG.AC-2 Remote Access Policy and Procedures
SG.AC-3 Account Management
SG.AC-4 Access Enforcement
SG.AC-5 Information Flow Enforcement
SG.AC-6 Separation of Duties
SG.AC-7 Least Privilege
SG.AC-8 Unsuccessful Login Attempts
SG.AC-9 Smart Grid Information System Use Notification
SG.AC-10 Previous Logon Notification
SG.AC-11 Concurrent Session Control
SG.AC-12 Session Lock
SG.AC-13 Remote Session Termination
SG.AC-14 Permitted Actions without Identification or Authentication
SG.AC-15 Remote Access
SG.AC-16 Wireless Access Restrictions
SG.AC-17 Access Control for Portable and Mobile Devices
SG.AC-18 Use of External Information Control Systems
SG.AC-19 Control System Access Restrictions
SG.AC-20 Publicly Accessible Content
SG.AC-21 Passwords

Awareness and Training (SG.AT)


Phase 2

Proposed Tasks

Task 2: Prepare SEPA Resiliency [Gap Filler] Supplement to NISTIR 7628 Rev.1

This task will prepare a draft Resiliency Supplement to NISTIR 7628r1. Entries will consist of:

• Resiliency Family Name (either an existing Security Requirement Family Name or a new Resiliency Family Name)

• Resiliency Requirement Description

• Requirement Enhancements (optional)

• Additional Considerations (optional)

• Impact Level Allocation


Agenda

Working Group Updates

• SGCC Cyber-Physical Resiliency Subgroup Presentation
  • Chair: Dr. Elizabeth Sisley, Calm Sunrise Consulting, LLC
  • Vice Chair: Dr. Michael Cohen, MITRE Corp.
• OpenFMB™ Cybersecurity
  • Aaron Smallwood, Director – Technology, SEPA

SGCC Leadership

• Nelson Hastings

Presentation: Public Key Infrastructure (PKI)

• PKI: All the Facts You Wanted to Know and Were Afraid to Ask
  • Presentation by William T. Polk, Group Manager for Cryptographic Technology Group, National Institute of Standards and Technology (NIST)



NIST Cybersecurity Smart Grid Efforts and Proposed SGCC Activities

Nelson Hastings, NIST

Cybersecurity and Privacy Applications Group Leader

Applied Cybersecurity Division


NIST Smart Grid Cybersecurity Efforts

• Supporting SEPA by chairing the Smart Grid Cybersecurity Committee (SGCC)

• Applying the NIST Cybersecurity Framework to identify/characterize risk to emerging smart grid architectures

• To be integrated into the NIST Smart Grid Interoperability Framework update


Security of Grid Edge Devices

• Grid edge devices include Smart Meters, Inverters, Thermostats, HVAC systems, …

• Securing these devices is critical to scaling control systems that may leverage grid edge devices.

• The NISTIR 7628 provides Guidelines for Smart Grid Cyber Security.

• Ideally we would like a strategy to decompose these system level guidelines to device specifications.


Profiling performance of Grid Edge Devices

• We are currently developing technology to profile the performance impact of security solutions on grid edge devices.

• The eventual goal is to balance cybersecurity tools across a DER architecture, minimizing system level risk exposure.

• Diversity in design, legacy and communication protocols pose a challenge – requiring continuing engagement with device manufacturers.


Proposed SGCC Activities for Discussion

• Develop best practices for identity management from a relying party perspective

• Managing identities of an organization's employees or owned devices versus customers or devices not owned by an organization connected to their network

• Profiling the NIST Cybersecurity Framework for a smart grid use case

• Similar to what was created for the manufacturing sector

• http://csrc.nist.gov/cyberframework/documents/Manufacturing-Profile-DRAFT.pdf


An Example: Manufacturing Profile


Core Cybersecurity Framework Components

What processes and assets need protection?

What safeguards are available?

What techniques can identify incidents?

What techniques can contain impacts of incidents?

What techniques can restore capabilities?


Core Cybersecurity Framework Components

Function / Category / ID

Identify
• Asset Management: ID.AM
• Business Environment: ID.BE
• Governance: ID.GV
• Risk Assessment: ID.RA
• Risk Management Strategy: ID.RM

Protect
• Access Control: PR.AC
• Awareness and Training: PR.AT
• Data Security: PR.DS
• Information Protection Processes & Procedures: PR.IP
• Maintenance: PR.MA
• Protective Technology: PR.PT

Detect
• Anomalies and Events: DE.AE
• Security Continuous Monitoring: DE.CM
• Detection Processes: DE.DP

Respond
• Response Planning: RS.RP
• Communications: RS.CO
• Analysis: RS.AN
• Mitigation: RS.MI
• Improvements: RS.IM

Recover
• Recovery Planning: RC.RP
• Improvements: RC.IM
• Communications: RC.CO

Subcategory / Informative References

• ID.BE-1: The organization’s role in the supply chain is identified and communicated
  Informative References: COBIT 5 APO01.02, DSS06.03; ISA 62443-2-1:2009 4.3.2.3.3; ISO/IEC 27001:2013 A.6.1.1; NIST SP 800-53 Rev. 4 CP-2, PS-7, PM-11

• ID.BE-2: The organization’s place in critical infrastructure and its industry sector is identified and communicated
  Informative References: COBIT 5 APO08.04, APO08.05, APO10.03, APO10.04, APO10.05; ISO/IEC 27001:2013 A.15.1.3, A.15.2.1, A.15.2.2; NIST SP 800-53 Rev. 4 CP-2, SA-12

• ID.BE-3: Priorities for organizational mission, objectives, and activities are established and communicated
  Informative References: COBIT 5 APO02.06, APO03.01; NIST SP 800-53 Rev. 4 PM-8

• ID.BE-4: Dependencies and critical functions for delivery of critical services are established
  Informative References: COBIT 5 APO02.01, APO02.06, APO03.01; ISA 62443-2-1:2009 4.2.2.1, 4.2.3.6; NIST SP 800-53 Rev. 4 PM-11, SA-14

• ID.BE-5: Resilience requirements to support delivery of critical services are established
  Informative References: ISO/IEC 27001:2013 A.11.2.2, A.11.2.3, A.12.1.3; NIST SP 800-53 Rev. 4 CP-8, PE-9, PE-11, PM-8, SA-14


Ways to think about a Profile

• A customization of the Core for a given sector, subsector, or organization

• A fusion of business/mission logic and cybersecurity outcomes

• An alignment of cybersecurity requirements with operational methodologies

• A basis for assessment and expressing target state

• A decision support tool for cybersecurity risk management

[Figure: the five Framework functions: Identify, Protect, Detect, Respond, Recover]


Business/Mission Objectives

Prioritized cybersecurity practices that will promote and support key business/mission goals for the manufacturer.

Maintain Personnel Safety

Maintain Environmental Safety

Maintain Product Quality

Maintain Production Goals

Maintain Trade Secrets


Profile Example ID.AM

ID.AM-1 Physical devices and systems within the organization are inventoried


Profile Language ID.AM-1


Agenda

SGCC Leadership

• Nelson Hastings

Working Group Updates

• SGCC Cyber-Physical Resiliency Subgroup Presentation
  • Chair: Dr. Elizabeth Sisley, Calm Sunrise Consulting, LLC
  • Vice Chair: Dr. Michael Cohen, MITRE Corp.
• OpenFMB™ Cybersecurity
  • Aaron Smallwood, Director – Technology, SEPA

Presentation: Public Key Infrastructure (PKI)

• PKI: All the Facts You Wanted to Know and Were Afraid to Ask
  • Presentation by William T. Polk, Group Manager for Cryptographic Technology Group, National Institute of Standards and Technology (NIST)


Why PKI Is So Darn Complicated and Why You Might Want to Use it Anyway

• Tim Polk



Objectives

• Establish the historical context

• Understand how PKI works
  • Why it is so complex
  • Which design choices matter

• Recognize which problems PKI can (and can’t) solve


History of PKI in 4 Slides


Secret Key Cryptography is Easy, Key Management is Hard

• Sharing secrets has always been hard

• Secret key cryptography is easy (Caesar could do it!)
  • This allows Alice and Bob to share a secret
  • But there is a bootstrap problem
    • You have to share a secret, and sharing secrets has always been hard


Public Key Cryptography is Easy, Key Management is Hard

• 1976, public key cryptography is invented and sharing secrets is easy
  • Alice uses her private key, which no one else knows, to encrypt a message
  • Alice shares her public key with everyone, Bob uses it to decrypt the secret
  • But there is a bootstrap problem
    • authenticating the public key (e.g., ensuring it [still] belongs to Alice) is hard – almost as hard as sharing a secret

• Public key certificates were proposed soon after
  • But we need a scalable mechanism for authenticating certificates
  • And saying that key is no good anymore


PKI Standards are simple, as long as you support one application

• 1988, the X.509 certificate standard is published “to facilitate the interconnection of information processing systems” for the emerging Global X.500 directory
  • Approximately 12 of the 21 normative pages specify formats and processes to create a strictly hierarchical trust infrastructure, so a single public key authenticates the world

• Hey, we can use that to support lots of applications!
  • But many details required to support more general applications are omitted, so they soon published versions 2 and 3
  • And the emerging Global directory system doesn’t materialize


The great thing about PKI standards is there are so many of them

• 1999, IETF publishes RFC 2459 to align X.509 v3 with the needs of Internet applications and leverage the Lightweight Directory Protocol
  • RFC 2459 had 64 normative pages, and another 65 pages of appendices “to aid implementers”
  • And we omitted stuff in 2459, so we had to publish RFCs 3280 and 5280
  • And another 67 supporting RFCs to cover new revocation strategies, logos, and trust anchors


So Why In the World Should You Use PKI?

• PKI offers a scalable mechanism to implement strong authentication to systems, digitally sign documents and code, share secret keys to support encrypted email, sessions, etc., etc., etc.

• As a toolkit, it is kind of a Swiss Army knife for security, supporting a broad range of applications and services
  • Of course, a Swiss Army knife isn’t usually the very best knife for any particular purpose

• When features are carefully chosen, it can be a very successful and straightforward mechanism


PKI Roles and Objects

• Mandatory Roles and Objects
  • Certification authorities (CAs), Registration authorities (RAs), a repository to store and distribute certificates and CRLs, certificate subjects (the entities that hold the private keys), and “relying parties” (who use the public keys)

• Optional
  • Attribute certificates to specify extra information about certificate subjects
  • Certificate Status Responders
  • Path Validation Servers


Certificates

• Certificates bind an identity (the subject) to a public key.

• An issuing or certifying authority builds a certificate that contains:

• Subject’s Distinguished Name

• Subject’s Public Key

• Issuer’s Distinguished Name

• Extensions that further describe the subject, limit the use of the key, or

• The issuer digitally signs the certificate so no one can change its contents.

[Figure: Certificate of Authenticity]


X.509 Certificate Format

VERSION: v1 or v2 or v3

SERIAL NUMBER: 12345

SIGNATURE ALGORITHM: RSA with SHA-2

ISSUER: O=USG, OU=Commerce, CN=CA1

VALIDITY: 1/1/16 - 1/1/19

SUBJECT: O=USG, OU=Commerce, CN=Tim Polk

SUBJECT PUBLIC KEY INFO: RSA, 48...321

ISSUER UNIQUE ID: ACBDEFGH

SUBJECT UNIQUE ID: RSTUVWXY

EXTENSIONS

SIGNATURE

Public Keys

• Public key associated with any asymmetric algorithm

• Public key used to support:

• Digital Signature and Non-repudiation

• Key Management

• Data Encipherment

• Certificate Signature

• Certificate Revocation List Signature

Best Current Practice: Give certificate subjects two ECC keys, one for signatures and another for key management.

X.509 Certificate Extensions

• Authority Key Identifier

• Subject Key Identifier

• Key Usage

• Private Key Usage Period

• Certificate Policies

• Policy Mappings

• Subject Alternative Name

• Issuer Alternative Name

• Freshest CRL

• Basic Constraints

• Name Constraints

• Policy Constraints

• Extended Key Usage

• CRL Distribution Points

• Inhibit Any-Policy

• Authority Information Access

• Subject Information Access

• Subject Directory Attributes

Please don’t define your own proprietary extension. We have at least one solution for almost everything!

Certificate Revocation Lists (CRLs)

• Lists of certificates that should no longer be trusted

Can be big!

• Delta CRLs, Sliding Window Delta CRLs, Indirect CRLs are all optimizations for different environments

X.509 CRL Format

VERSION: v1 or v2

SIGNATURE ALGORITHM: RSA with SHA-2

ISSUER: O=USG, OU=Commerce, CN=CA1

LAST UPDATE: 7/28/17

NEXT UPDATE: 7/29/17

REVOKED CERTIFICATES: SEQUENCE OF

• SERIAL NUMBER: 12345

• REVOCATION DATE: 6/4/17

• CRL ENTRY EXTENSIONS

CRL EXTENSIONS

SIGNATURE

Certification Authority

• Establishes and maintains an accurate binding between the public key and attributes contained in a certificate

• Manages and publishes certificates

Issues and renews certificates

Issues Certificate Revocation Lists (CRLs)

• Initializes tokens (optional)

• Generates and provides recovery for public/private key pairs (optional)

How do I get a certificate, anyway?

• The RA confirms the subject’s identity and any other attributes in the certificate, then the CA issues the certificate and passes it to both the certificate subject and the repository

• Two basic strategies:

Face-to-face registration

Online registration

• Unfortunate note: there are lots of Certificate Management Protocols to implement this

Making it Scale: Certification Path

Alice can verify Bob’s certificate by verifying a chain of certificates ending in one issued by a Certification Authority (CA) she trusts
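An added example (not from the presentation) of the path validation described above, in Go using only the standard library: a constructed Root CA certifies CA1, CA1 certifies Bob, and the relying party accepts Bob's certificate only when a path to the root it trusts can be built. The names, serial numbers and the helper functions `issue` and `validate` are assumptions made for this illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue plays the CA: it signs a certificate binding cn to a fresh P-256 key (nil parent = self-signed root).
func issue(cn string, serial int64, isCA bool, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn}, KeyUsage: x509.KeyUsageDigitalSignature,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), BasicConstraintsValid: true, IsCA: isCA}
	if isCA { // CAs get certificate- and CRL-signing usage instead
		t.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	}
	if parent == nil {
		parent, signer = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// validate plays the relying party: leaf is accepted only if a path through the given intermediates ends at trustedRoot.
func validate(leaf, trustedRoot *x509.Certificate, intermediates ...*x509.Certificate) error {
	opts := x509.VerifyOptions{Roots: x509.NewCertPool(), Intermediates: x509.NewCertPool()}
	opts.Roots.AddCert(trustedRoot)
	for _, c := range intermediates {
		opts.Intermediates.AddCert(c)
	}
	_, err := leaf.Verify(opts)
	return err
}

func main() { // names and serial numbers below are constructed sample values
	root, rootKey := issue("Root CA", 1, true, nil, nil)
	ca1, ca1Key := issue("CA1", 2, true, root, rootKey)
	bob, _ := issue("Bob", 12345, false, ca1, ca1Key)
	fmt.Println("Bob -> CA1 -> Root CA:", validate(bob, root, ca1))
	fmt.Println("CA1 certificate unavailable:", validate(bob, root))
}
```

The second call returns an error because no path to the trusted root can be built without CA1's certificate. `Verify` does not consult a CRL or OCSP responder, so revocation status remains a separate check.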

Making it Scale: Public Key Infrastructure Topologies

Customizing PKI

• Online Certificate Status Protocol (OCSP)

Responder answers the basic question: is this certificate revoked?

Irrevocable trust in OCSP responder

• Delegated Path Validation

Trusted server builds the entire path, but the relying party makes its own decision

• Simple Certificate Validation Protocol (SCVP)

Server builds path and validates it for the client

Which leaves us with…

• A certificate subject (Alice) with a couple of private keys and certificates who wants to sign and/or encrypt some data

• A relying party (Bob) that

has selected one or more trusted roots,

knows how to build and validate a path, and

can use public keys from validated certificates to verify the signature or decrypt the data

• And this works even though Alice and Bob may work for different organizations

Takeaways

PKI is not for the faint of heart, but…

PKI provides a scalable and flexible foundation for the full range of cryptographic security in applications across organizational boundaries

THANK YOU