Public Key Infrastructure Towards a reliable revocation status - - PowerPoint PPT Presentation

public key infrastructure
SMART_READER_LITE
LIVE PREVIEW

Public Key Infrastructure Towards a reliable revocation status - - PowerPoint PPT Presentation

Aug 18, 2022 171 likes •451 views

Public Key Infrastructure Towards a reliable revocation status checking method Royal Holloway, University of London Keith Vella Licari Weekend Conference 2013 keith@vellalicari.com Agenda About me Project approach Certificate

slide-1
SLIDE 1

Public Key Infrastructure

Towards a reliable revocation status checking method

Keith Vella Licari keith@vellalicari.com Royal Holloway, University of London Weekend Conference 2013

slide-2
SLIDE 2

Agenda

  • About me
  • Project approach
  • Certificate status validation (CSV) methods
  • What could go wrong?
  • Criteria to evaluate CSV methods
  • Revocation Status Discovery Protocol (RSDP)
  • Next steps
  • Project tips
slide-3
SLIDE 3

Connecting the dots

  • 1978: Born
  • 1990: First computer in the house (386SX)
  • 1991: Took dad’s computer apart
  • 1994: Purchased own computer (486DX4)
  • 1994: Became interested in networking (BBSs)
  • 1995: Started using the Internet (dial-up)
  • 1998: Started working in IT
  • 2001: Branched off to information security
slide-4
SLIDE 4

Connecting the dots

  • 2003: Involved in the design and implementation
  • f PKI-enabled secure messaging and a remote

access solution

  • 2007: Involved in a project that delivered a PKI to

support services offered by the Government of Malta

  • 2007: Proposed and developed an alternative

certificate status validation (CSV) method

  • 2013: Developed a set of criteria to evaluate CSV

methods and proposed the Revocation Status Discovery Protocol (RSDP)

slide-5
SLIDE 5

Project approach

  • Identified a challenge in a context
  • Looked at the project work as my contribution to

help address the identified challenge

  • Reviewed state of the practice/art
  • Identified shortcomings/security weaknesses in

existing methods

  • Identified requirements for an alternative method
  • Proposed an alternative method
slide-6
SLIDE 6

Responding to security threats

Security threats Security mechanisms

CURTAIL

Security services

PROVIDE

Digital signature Data origin authentication Data integrity Tampering

slide-7
SLIDE 7

Alice Mallory

Key exchange in public key crypto

Bob Alice Trent Bob

Certificate Certificate

slide-8
SLIDE 8

Issuing bank Card holder Merchant

Card payment processing

Card

1 2 3 4 1 Request card 2 Issue card 3 Transact with merchant 4 Verify card status Acquiring bank

slide-9
SLIDE 9

PKI Participants

Issuing CA Relying party Subscriber Relying party CA

Certificate

1 2 3 4 1 Request certificate 2 Issue certificate 3 Transact with relying party 4 Verify certificate status

slide-10
SLIDE 10

5 Fund transfer

Typical scenario

3 5 Issuing bank Card holder Merchant Acquiring bank Relying party Subscriber Issuing CA Relying party CA 2 1 4 1 Entity authentication 2 Validate certificate 3 Submit payment info 4 Request authorisation

slide-11
SLIDE 11

Digital certificate (X.509)

Standard guarantee offered by a certificate: “This certificate is good until the expiration date. Unless, of course, you hear that it has been revoked”. (Rivest)

slide-12
SLIDE 12

Certificate validation

  • Certificate discovery: collect issuing CA certificate

and all CA certificates up to the root and carry out expiry check

  • Path validation: verify digital signatures one by one

up to the root

  • Revocation checking:

○ Periodic publication mechanisms (e.g. CRL) ○ Online query mechanisms (e.g. OCSP)

slide-13
SLIDE 13

Example

slide-14
SLIDE 14

Pointers to revocation status service

CRL method OCSP method

slide-15
SLIDE 15

CRL check

Certificate CRL

slide-16
SLIDE 16

OCSP check

Request

OCSP Request Data: Version: 1 (0x0) Requestor List: Certificate ID: Hash Algorithm: sha1 Issuer Name Hash: 39AF18B41C021F39109656FDC6D358EF74858B99 Issuer Key Hash: 4E43C81D76EF37537A4FF2586F94F338E2D5BDDF Serial Number: 77085914F9CB7A7FC924B84F755708CB Request Extensions: OCSP Nonce: 041075DD789343AFE0484E4D24B4329D6BF4

Response

WARNING: no nonce in response Response verify OK test-sspev.verisign.com: revoked This Update: Jul 11 08:21:17 2013 GMT Next Update: Oct 5 10:04:24 2013 GMT Reason: unspecified Revocation Time: Oct 30 22:20:23 2012 GMT

slide-17
SLIDE 17

What could go wrong?

Main issues:

CRL OCSP Lightweight OCSP Can easily become large and unwieldy Ambiguous answer (good|revoked|unknown) Pre-produced responses Timeliness (delay until next update) Only definitive answers are digitally signed Only definitive answers are digitally signed Scalability (self-inflicted DDoS) Optional protection against replay attacks No protection against replay attacks

slide-18
SLIDE 18

Internet browser statistics

slide-19
SLIDE 19

Default setting

slide-20
SLIDE 20

Proprietary method (not online)

slide-21
SLIDE 21

Alternative method (naïve)

1 Relying party Certificate status service (DNS) 2 5 1 Extract serial number 2 Send status request 3 Lookup pre-produced response 4 Send response to requester

Security service/s Data origin authentication Data integrity

4 3 5 Verify signature 6 Read status in response 6

slide-22
SLIDE 22

Criteria to evaluate CSV methods

Design Performance Security Simplicity Status accuracy Protection against impersonation attacks Uniqueness of target certificate identifier Scalability Protection against manipulation Unambiguity of certificate status information Size of request Protection against replay attacks Completeness Size of response Protection against sniffing Extensibility Demand smoothness Auditability

slide-23
SLIDE 23

Revocation Status Discovery Protocol (RSDP)

1 Relying party Certificate status service (TLS) 3 2 1 Compute certificate identifier (fingerprint) 2 Construct URL (using fingerprint) 3 Establish TLS connection with responder 4 Send status request

Security service/s Entity authentication Confidentiality Data origin authentication Data integrity

6 5 5 Lookup pre-produced response 6 Send response to requester 4 7 Verify signature 8 Read status in response 8 7

slide-24
SLIDE 24

Next steps

  • Alternative evaluation
  • Peer/Expert review
  • Practical implementation
  • Standardisation
slide-25
SLIDE 25

Recap

  • Highlighted the need to validate certificate

status

  • Looked at 2 standard and 1 proprietary

certificate status validation (CSV) methods

  • Reviewed challenges in the use of CSV methods
  • Introduced evaluation criteria for CSV methods
  • Looked at the proposed Revocation Status

Discovery Protocol (RSDP)

slide-26
SLIDE 26

Project tips

  • Get started as early as you can
  • Choice of optional modules is key
  • Use your project supervisor wisely
  • Make use of resources/subscriptions provided
  • Focus on analysis rather than implementation
  • Use reference management software
slide-27
SLIDE 27

Further reading

Books/Papers

  • Adams, C. and S. Lloyd, Understanding PKI : concepts, standards,

and deployment considerations

  • Georgiev, M., et al.,, The most dangerous code in the world :

validating SSL certificates in non-browser software

  • Gutmann, P., Engineering security
  • Kohnfelder, L. M., Towards a practical public-key cryptosystem
  • Marlinspike, M., Defeating OCSP With The Character '3'
  • VeriSign Inc., VeriSign update on certificate revocation list

expiration Standards

  • CRL method - X.509, RFC 5280
  • OCSP method - RFC 2560
  • Lightweight OCSP - RFC 5019