PKI FUNDAMENTALS, STATE OF THE ART, VULNERABILITIES by Bíólá Fáyemí - PowerPoint PPT Presentation



slide-1
SLIDE 1

PKI FUNDAMENTALS, STATE OF THE ART, VULNERABILITIES

by Bíólá Fáyemí CISSP, CCNP, CCDP
Founder/CEO, CircuitContext Technologies Inc., Oakville, ON, Canada

DELIVERED AT THE 11TH INTERNATIONAL CONFERENCE OF THE NIGERIA COMPUTER SOCIETY (NCS) HELD AT THE ROYAL PARK HOTEL, ILOKO-IJESA, THE STATE OF OSUN, NIGERIA (24-26 JULY, 2013)

slide-2
SLIDE 2

PKI

• A Public Key Infrastructure is a framework for issuing and managing digital certificates.
• A Digital Certificate binds an identity to an electronic public key.
• A public key is paired with a corresponding private key to produce a unique key pair.

slide-3
SLIDE 3

A LITTLE ABOUT ME

Abíólá Fáyemí CISSP, CCNP, CCDP

Internetworking and Security Consultant with 28 years of industry experience working on Large Scale Network Design, Vulnerability Research and Internet Security at industry bellwethers:
  • SITA
  • America Online
  • Cisco Systems
  • Nortel Networks
  • SOMA Networks
  • nCircle Network Security

slide-4
SLIDE 4

INFORMATION SECURITY MANTRA

• Protecting information and information systems from:
  • (unauthorized) access, use, disclosure, perusal, inspection, recording
  • disruption, modification, software/database failure
  • Denial of Service, deterioration, failures or destruction.
• The words above all fall under one or more of the core principles of Information Security, namely:
  • Confidentiality
  • Integrity
  • Availability

slide-5
SLIDE 5

AND MORE …

• Authenticity (or Authentication)

In information security, authentication requires that all parties involved in transactions, communications and information exchanges validate who they claim to be.

• Non-repudiation

This is the principle that any party to a transaction or information exchange cannot deny engagement with that transaction. In electronic commerce and other secured transaction channels, technologies such as digital signatures and public key encryption are deployed to establish authenticity and non-repudiation.

slide-6
SLIDE 6

CONFIDENTIALITY

• Confidentiality – To keep your information from prying eyes
• Cryptography (Encryption) is used to convert intelligible plaintext to unintelligible ciphertext.


slide-7
SLIDE 7

INTEGRITY – BACK IN THE DAY

slide-8
SLIDE 8

INTEGRITY A LA PKI

slide-9
SLIDE 9

WHAT DOES PKI PROVIDE ?

The foundation for delivering essential elements of secure e-Government and e-Commerce:
  • Authentication
  • Access Control
  • Privacy
  • Integrity
  • Non-Repudiation

slide-10
SLIDE 10

THE ESSENCE OF PKI

• Cryptography provides the foundation of a PKI
• Cryptographic keys are the foundation of cryptographic functions
• PKI is built around the concept of each entity having a PAIR of mathematically related keys
  • Public Key – Known by Many
  • Private Key – Known by ONE
• Digital signatures and public key encryption are the bedrock of Public Key Infrastructure

slide-11
SLIDE 11

PKI : BRIEF TIMELINE

• Public key crypto invented in 1976
• First mention of a public key certificate in 1978
• First certificate standards (X.509) issued in 1988
• First IETF certificate standard issued in 1993
• Latter half of the 1990s was full of hope, and hype
  • emergence of the World Wide Web
  • .com boom
  • VeriSign founded (1995)
  • SSL invented & deployed in browsers
  • Expiration of Diffie-Hellman & RSA patents

slide-12
SLIDE 12

BUILDING BLOCKS

• The basic building block of a PKI is a (digital) Certificate.
• The entity creating a certificate is called a Certification Authority (CA).
• The core components of a Certificate are:
  1. Name(s) of entity that the certificate refers to.
  2. The public key of the entity.
  3. A digital signature created by the CA.
• Certificates and CAs enable a chain of trust to be built.

slide-13
SLIDE 13

KEYS ARE THE KEY !!!

slide-14
SLIDE 14

SYMMETRIC KEYS

slide-15
SLIDE 15

ASYMMETRIC KEYS !!!

slide-16
SLIDE 16

OVERVIEW - COMPONENTS OF PKI TECHNOLOGY

PKI technology consists of three basic parts:

• A Registration Authority (RA) - The RA is the authentication process in the network that verifies user requests for a digital certificate. The RA tells the certificate authority (CA) to issue the digital certificate.
• A Certificate Authority (CA) - The CA issues (and revokes) the digital certificate, which contains a public key and the identity of the owner. This certificate validates that this public key actually belongs to the named owner.
• A Database - The repository, or database, stores the digital certificates.

slide-17
SLIDE 17

WHAT A CERTIFICATE LOOKS LIKE

slide-18
SLIDE 18

SECURITY NOTICE

slide-19
SLIDE 19

DIGITAL SIGNATURE DETAILS - GENERAL

slide-20
SLIDE 20

DIGITAL SIGNATURE DETAILS - ADVANCED

slide-21
SLIDE 21

VIEW CERTIFICATE GENERAL

slide-22
SLIDE 22

VIEW CERTIFICATE DETAILS

slide-23
SLIDE 23

VIEW CERTIFICATE PATH

slide-24
SLIDE 24

IMPLEMENTATION – DESIGN (ARCHITECTURE)

• A PKI framework may be designed as a hierarchical Certificate Authority (CA) trust model, which will map with, or closely approximate, the administrative structure of governance.
• This architecture calls for a Root CA and several (accredited) subordinate CAs

slide-25
SLIDE 25

MODELS - HIERARCHICAL

slide-26
SLIDE 26

DESIGN … (ARCHITECTURAL COMPONENTS)

In this hierarchical CA trust model, each CA will function as one of the following:

Root CA: The root CA functions as the authority over all subordinate CAs located beneath it. The root CA is the parent that issues certificates to the subordinate CAs beneath it. The root CA creates a self-signed certificate for itself. For a Digital Signature to have legal force, it must derive its trust from the National Root CA certificate.

Subordinate CAs: There are two types of subordinate CAs in the hierarchical CA model, namely:

Intermediate CAs: An intermediate CA is a subordinate CA which is located between a root CA and other subordinate CAs, called leaf CAs. The function of an intermediate CA is to issue certificates to leaf CAs and subscribing entities.

Leaf CAs: The function of a leaf CA is to issue certificates to users, servers and services.

The Subordinate CAs will be accredited and regulated by the Root Certifying Authority.
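
The building blocks of slide 12 (a certificate is a name, a public key and a CA signature) and the Root CA / Intermediate CA / Leaf CA hierarchy above, as an added worked example that is not part of the original presentation: a toy Python model using textbook RSA (small keys, no padding, for illustration only) that issues a chain from a self-signed National Root CA down to a server certificate, then shows how a relying party's chain check accepts the valid chain and rejects both a tampered certificate and one issued by a CA that never derived its trust from the installed root. All CA and server names are constructed samples.

```python
import hashlib
import random
from dataclasses import dataclass, replace

_rng = random.Random(2013)  # fixed seed: reproducible toy keys, never for real use

def _probable_prime(n: int) -> bool:
    """Fermat test with a few bases: adequate for a toy key generator only."""
    return n > 11 and all(pow(a, n - 1, n) == 1 for a in (2, 3, 5, 7, 11))

def generate_keypair(bits: int = 512):
    """Textbook RSA: public = (n, e), private = (n, d). n stays above 2**256 so a
    raw SHA-256 digest fits; real systems use padded signatures (PKCS#1/PSS)."""
    half, e = bits // 2, 65537
    def prime():
        while True:
            c = _rng.getrandbits(half) | (1 << (half - 1)) | 1
            if _probable_prime(c):
                return c
    while True:
        p, q = prime(), prime()
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))

def _digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(private: tuple, data: bytes) -> int:
    n, d = private
    return pow(_digest(data), d, n)

def verify_sig(public: tuple, data: bytes, sig: int) -> bool:
    n, e = public
    return pow(sig, e, n) == _digest(data)

@dataclass(frozen=True)
class Certificate:
    subject: str       # 1. name of the entity the certificate refers to
    public_key: tuple  # 2. that entity's public key (n, e)
    issuer: str        # name of the CA that signed this certificate
    is_ca: bool        # whether the subject may itself issue certificates
    signature: int     # 3. the issuing CA's signature over the fields above

    def tbs(self) -> bytes:
        """To-be-signed body: every field except the signature."""
        return f"{self.subject}|{self.public_key}|{self.issuer}|{self.is_ca}".encode()

class CA:
    """A certification authority; its private key is what the whole chain rests on."""
    def __init__(self, name: str):
        self.name = name
        self.public_key, self._private_key = generate_keypair()

    def issue(self, subject: str, subject_key: tuple, is_ca: bool = False) -> Certificate:
        unsigned = Certificate(subject, subject_key, self.name, is_ca, 0)
        return replace(unsigned, signature=sign(self._private_key, unsigned.tbs()))

    def self_signed(self) -> Certificate:
        """A root CA signs its own certificate; relying parties install it as an anchor."""
        return self.issue(self.name, self.public_key, is_ca=True)

def verify_chain(chain: list, trust_anchors: list) -> bool:
    """Leaf-first chain: each certificate must be signed by the next one, which must
    be a CA, and the last one must be an installed trust anchor (self-signed root)."""
    for cert, issuer_cert in zip(chain, chain[1:]):
        if cert.issuer != issuer_cert.subject or not issuer_cert.is_ca:
            return False
        if not verify_sig(issuer_cert.public_key, cert.tbs(), cert.signature):
            return False
    return chain[-1] in trust_anchors

def demo() -> tuple:
    """National Root -> Intermediate -> Leaf CA -> server, then three chain checks."""
    root, inter, leaf = CA("National Root CA"), CA("Intermediate CA"), CA("Leaf CA")
    root_cert = root.self_signed()
    inter_cert = root.issue(inter.name, inter.public_key, is_ca=True)
    leaf_cert = inter.issue(leaf.name, leaf.public_key, is_ca=True)
    server_pub, _ = generate_keypair()
    server_cert = leaf.issue("www.example.org", server_pub)  # constructed sample name
    anchors = [root_cert]
    valid = verify_chain([server_cert, leaf_cert, inter_cert, root_cert], anchors)
    # Integrity: altering any signed field breaks the issuing CA's signature.
    tampered = verify_chain([replace(server_cert, subject="other.example.org"),
                             leaf_cert, inter_cert, root_cert], anchors)
    # A CA that never derived its trust from the anchor is rejected outright.
    rogue = CA("Rogue CA")
    rogue_chain = [rogue.issue("www.example.org", server_pub), rogue.self_signed()]
    return valid, tampered, verify_chain(rogue_chain, anchors)  # -> (True, False, False)
```

Calling demo() returns (True, False, False): only the chain that ends at the installed root, with every signature intact, is accepted.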

slide-27
SLIDE 27

DESIGN – MESH PKI

• CAs have peer-to-peer relationships
• Independent CAs cross certify each other
• Users trust the CA that issued their certificates

slide-28
SLIDE 28

MODELS - MESH

slide-29
SLIDE 29

DESIGN – BRIDGE CA

• There may be dead ends and cycles
• Designed to connect enterprise PKIs regardless of architecture
• The bridge CA does not issue certificates to users and is not intended as a trust point

slide-30
SLIDE 30

MODELS – BRIDGE CA

slide-31
SLIDE 31

STATE OF THE ART: PKI STANDARDS

• Critical base standards: X.509, PKIX, ETSI, etc.
• PKIX created standards for:
  • Certificate and CRL syntax and processing
  • Certificate management protocols
  • OCSP
  • Time stamping
  • CA policies & procedures
  • Qualified certificates
  • Delegated path/certificate validation

slide-32
SLIDE 32

IETF PKI USERS: SECURITY PROTOCOLS

• IP layer VPNs (IPsec)
• Secure web access (SSL, TLS)
• Secure E-mail (S/MIME)
• IPv6 Mobility
• IPv6 Secure Neighbor Discovery (SEND WG)
• BGP security
• VoIP security (SIP, SRTP)

Note that none of these protocols make use of PKI for legally binding digital signatures!

slide-33
SLIDE 33

STATE OF THE ART: PKI SOFTWARE

• Infrastructure software
  • Certification authority systems
  • Time stamping servers
  • OCSP servers
  • SCVP servers (coming soon)
• Client software
  • PKI toolkits
  • PKI-enabled applications: S/MIME, IPsec, SSL/TLS, VoIP (SIP), …

slide-34
SLIDE 34

STATE OF THE ART: PKI HARDWARE

• CA crypto modules
  • Very few have been designed to support CAs
  • Some offer high assurance (FIPS 140 level 3/4)
  • Some offer high performance
  • But only one processed certificates and CRLs (vs. hashes)
  • CA systems are very vulnerable to a wide range of attacks
  • HSMs
• User crypto modules
  • Smart cards are getting more powerful, more secure
  • Other formats possible too (e.g., USB tokens)
  • Smart Phones are into the mix now
  • Signature generation devices face the “what did I just sign?” problem, a serious problem for applications supporting legally binding digital signatures

slide-35
SLIDE 35

STATE OF THE ART: CAS

• We have a number of large scale CAs
  • VeriSign has a commanding position in the web server certificate space, and significantly influences public notions of PKI
  • The EU promotes laissez-faire private sector CAs, hoping to spur competition, and has created a “level playing field” for them
  • In Asia, there is more of a government-influenced, national-level PKI orientation, for citizens and organizations
• The first two of these models emphasize “trust” over “authority”
• Closed CAs can be deployed for most applications, and organizations are doing this today

slide-36
SLIDE 36

EVALUATING OPTIONS

Managed PKI – Outsourcing the Solution - Outsourced PKI refers to a PKI solution that is owned and operated by a trusted third-party entity known as a Certificate Authority (CA). The CA assumes responsibility for setting policy, managing the technology and infrastructure, and owns the legal liability on behalf of the client. This approach does not require purchasing hardware or software. However, when factoring in set-up fees per user license, annual renewal fees, and in-house IT support, the costs can be considerable.

Traditional PKI – Developing a fully owned Solution – “In-house” implementation involves the acquisition of PKI software and hardware in order to deploy and manage digital certificates and related issues. This approach allows the government or designated authority entity to control and customize the digital signature solution according to the peculiar needs of its infrastructure. Implementing the traditional PKI option, even if using free software, can be the most costly approach to PKI technology, even as it gives the maximum control.

Server Side Signing – An Off-the-Shelf Solution - A new concept in PKI technology, also known as Server Side Signing, leverages the existing infrastructure that is currently in place. This approach involves deploying a centralized appliance installed on an existing network that immediately works in sync with the network elements already in place.

slide-37
SLIDE 37

BUILD OR BUY ?

• Whichever approach is chosen for PKI implementation, it is important to ensure the interoperability of the solution with industry standards and protocols.
• Deciding whether to build or buy is probably the most important step in any PKI implementation.
• Neither route is easy, and both pose serious security risks if poorly implemented.

slide-38
SLIDE 38

THE BOTTOM LINE

• Properly implemented, PKI can deliver a powerful means of making any transaction so secure it's virtually immune from attack.
• PKI can also pose some of the thorniest security challenges for network designers.
• Getting it done right is difficult and requires a thorough understanding and implementation of the various pieces of the PKI infrastructure in a truly secure way.

slide-39
SLIDE 39

IMPLEMENTATION … PREAMBLES - LEGAL MATTERS

• Authentication method should be prescribed by legislation (i.e. Digital Signatures based upon asymmetric key cryptography and hash functions)
• Legal recognition should be granted to records maintained in electronic form
• Legislative action to define computer system (misuse) and make it legally actionable.

slide-40
SLIDE 40

IMPLEMENTATION - PLANNING

The following are the basics that should be given due consideration in the process of planning for the design and deployment of the PKI:

• Ensuring that there is a security policy, which is appropriately updated and ready for PKI
• Creating or updating Certificate Policies (CP)
• Creating a Certificate Practice Statement (CPS)

slide-41
SLIDE 41

TECHNICAL STUFF

CA Private Keys

• The size of the private key for each CA needs to be carefully considered both for security reasons as well as potential compatibility issues. A key size of 2048 bits is recommended for the root CA. A 1024-bit RSA key pair is recommended for other CAs and end entities.

CA Private Key Protection

• With respect to PKI, the private key is the most important component to protect, regardless of which participating entity. A careful risk assessment will need to be carried out to determine the optimal methods of protecting private keys, but at a minimum, local (disk) storage of private keys will require encryption and hashing processes.

slide-42
SLIDE 42

NATIONAL PKI - SCALABILITY AND INTERNATIONAL COOPERATION

The nation should acquire, leverage and improve its usage of technologies relating to security and certification as a matter of pride, national identity and national security.

slide-43
SLIDE 43

SCALABILITY - JUSTIFICATION

• Foreign CAs (e.g. Verisign, RSA, Entrust, Thawte, etc.) recognized by software vendors are monopolizing and will continue to monopolize the Nigerian e-commerce market if the Root CA certificate of Nigeria is not recognized.
• By incorporating acceptance of Nigerian national, regional or other administratively defined CAs in software, it will become possible to apply their certificates for e-commerce at the global level.

slide-44
SLIDE 44

SCALABILITY - INTEROPERABILITY

To achieve international acceptability, the national, regional or administratively defined Certificate Authorities in Nigeria will need to be added to the list of trusted CAs in the following application software (at a minimum):

  • Microsoft Internet Explorer
  • Mozilla Firefox
  • Apple Safari
  • Google Chrome
  • Opera

These being the most widely used access software (web browser) applications presently. This list will be reviewed as appropriate.

slide-45
SLIDE 45

PKI VULNERABILITIES - CERTIFICATES

TRUSTED KEY SERVER

• The trust that is gained by the certificate is based on the trust of the certificate authority.
• Because the CA has this quality of being a single point of failure to the entire system, it will be the target of attacks.
• If the CA has not properly guarded its private key, then an attacker can create a false certificate for a web site.

slide-46
SLIDE 46

PKI VULNERABILITIES - CERTIFICATES

• ILLEGITIMATE CERTIFICATES
• USING FALSE CERTIFICATES

slide-47
SLIDE 47

PKI VULNERABILITIES - SMARTCARDS

• PKI-enabled smartcards are vulnerable to a wide range of attacks:
  • PIN phishing
  • False Authentication
  • Fraudulent Signatures
  • SSL Hijacking and Data Theft
  • Side Channel Attacks

slide-48
SLIDE 48

MITIGATIONS

• Check the Lock !!!
• Read the warnings !!!
• Ask Questions !!!

Most Importantly …

• …Security Awareness training

slide-49
SLIDE 49

(FUTURE) TRENDS IN PKI

• More government-issued certificates
• More focus on authorization vs. authentication
• Many certificates vs. one certificate per user: the naming problem
• Better understanding of the role of trust in PKI

slide-50
SLIDE 50

CONCLUSION

• There is a lot of hard work to be done
• The going may at times be tough, but it certainly will be exciting
• We cannot depend on “LUCK” or an easy way out.

slide-51
SLIDE 51

BECAUSE …

I’m a great believer in Luck, and I find that the harder I work, the more I have of it.

  • Thomas Jefferson

slide-52
SLIDE 52

APPRECIATION

Thank you so much for sitting through this mini presentation.

Please direct any questions to Abiola Fayemi
Telephone : +1 (905) 510-3514
email: biola@circuitcontexts.com
