4.5 공개키 기반구조

(1)

4.5 공개키 기반구조

4장. 키 분배와 사용자 인증

목포해양대해양컴퓨터공학과

(2)

개요

•

공개키 기반구조(PKI: Public-Key Infrastructure)

•

RFC 2822(Internet Security Glossary)에서 정의

•

비대칭 암호시스템에 기초해서 디지털 인증서를 생성하고,

관리하고, 저장하고, 배분하며 취소하는 데 필요한 하드웨어, 소프트웨어, 사람, 정책 및 절차

•

PKI 개발 목적

•

안전하고, 편리하고, 효율적인 공개키 획득

•

IETF(Internet Engineering Task Force) 공개키 기반구조

X.509(PKIX) 작업그룹 _{목포해양대}

해양컴퓨터공학과

(3)

전자 서명의 한계

•

아직도 남아있는 문제 – 서명자의 실제 신원

•

“송신자가 주장하는 신원을 믿을 수 있는가 ? ”

Moving towards PKI …

(4)

Digital Certificate (1)

•

Binding between an entity’s Public Key and one or more

Attributes

relating its Identity.

•

The entity can be a Person, an Hardware Component, a Service, etc.

•

A Digital Certificate is issued (and signed) by someone

• Usually the issuer is a Trusted Third Party

• A self-signed certificate usually is not very trustworthy

(5)

Digital Certificate (2)

CERTIFICATE

Issuer

Subject

Issuer

Subject Public Key

(6)

Digital Certificate (3)

•

Problems

•

How are Digital Certificates Issued?

•

Who is issuing them?

•

Why should I Trust the Certificate Issuer?

•

How can I check if a Certificate is valid?

•

How can I revoke a Certificate?

•

Who is revoking Certificates?

Moving towards PKI …

(7)

Public Key

Infrastructure (PKI)

(8)

Public Key Infrastructure (1)

•

A Public Key Infrastructure is an Infrastructure to support and manage Public Key-based Digital Certificates

•

“A PKI is a set of agreed-upon standards, Certification

Authorities (CA), structure between multiple CAs, methods to discover and validate Certification Paths, Operational

Protocols, Management Protocols, Interoperable Tools and supporting Legislation”

•

“Digital Certificates” book – Jalal Feghhi, Jalil Feghhi, Peter

(9)

Public Key Infrastructure (2)

•

Focus on:

•

X509 PKI

•

X509 Digital Certificates

•

Standards defined by IETF, PKIX WG: http://www.ietf.org/

•

… even if X509 is not the only approach (e.g. SPKI)

(10)

X509 PKI – Technical View

•

Basic Components:

•

Certificate Authority (CA)

•

Registration Authority (RA)

•

Certificate Distribution System

•

PKI enabled applications

“Provider” Side

“Consumer” Side

(11)

X509 PKI – Simple Model

CA RA

Certification Entity

Directory Application

Service

Remote

Person Local

Person

Certs, CRLs

Cert. Request Signed

Certificate Internet

(12)

X509 PKI

Certificate Authority (CA)

•

Basic Tasks:

•

Key Generation

•

Digital Certificate Generation

•

Certificate Issuance and Distribution

•

Revocation

•

Key Backup and Recovery System

•

Cross-Certification

(13)

X509 PKI

Registration Authority (RA)

•

Basic Tasks:

•

Registration of Certificate Information

•

Face-to-Face Registration

•

Remote Registration

•

Automatic Registration

•

Revocation

(14)

X509 PKI

Certificate Distribution System

•

Provide Repository for:

•

Digital Certificates

•

Certificate Revocation Lists (CRLs)

•

Typically:

•

Special Purposes Databases

•

LDAP directories

(15)

Certificate Revocation List (1)

Certificate Revocation List

Revoked Certificates remain in CRL

until they expire

(16)

Certificate Revocation List (2)

•

CRLs are published by CAs at well defined interval of time

•

It is a responsibility of “Users” of certificates to “

download” a

CRL and verify if a certificate has been revoked

• User application

must deal with the revocation processes

(17)

Online Certificate Status Protocol (OCSP)

•

An alternative to CRLs

•

IETF/PKIX standard for a real-time check if a certificate has been revoked/suspended

•

Requires a high availability OCSP Server

17 User

^CRL

CA

User

^CRL

CA

Download CRL

Certificate IDs to be checked

Answer about

OCSP

Server

(18)

X509 PKI

PKI-enabled Applications

•

Functionality Required:

•

Cryptographic functionality

•

Secure storage of Personal Information

•

Digital Certificate Handling

•

Directory Access

•

Communication Facilities

(19)

X509 PKI

Trust and Legal Issues

(20)

X509 PKI

Trust and Legal Issues

•

Why should I Trust a CA?

•

How can I determine the liability of a CA?

(21)

X509 PKI Approaches to Trust and Legal Aspects

•

Why should I Trust a CA?

•

How can I determine the liability of a CA?

Certificate Hierarchies, Cross-Certification

Certificate Policies (CP) and Certificate Policy

Statement (CPS)

(22)

X509 PKI

Approach to Trust

Certificate Hierarchies

and

^{해양컴퓨터공학과}

(23)

CA Technology Evolution

Try to reflect

CA CA

CA

RA RA CA

RA

CA

RA CA

CA

RA RA

Directory Services

Internet

(24)

Simple Certificate Hierarchy

Each entity has its own certificate (and may have more than one).

The root CA’s certificate is self signed and each sub-CA is signed by its parent CA.

Each CA may also issue CRLs.

In particular the lowest level CAs issue CRLs frequently.

End entities need to “find” a certificate path to a CA that they trust.

Root CA Sub-CAs

End Entities

(25)

Simple Certificate Path

*

Alice

Bob

Trusted Root

Alice trusts the root CA

Bob sends a message to Alice Alice needs Bob’s certificate, the

certificate of the CA that signed Bob’s certificate, and so on up to the root CA’s self signed certificate.

Alice also needs each CRL for each CA.

Only then can Alice verify that Bob’s

certificate is valid and trusted and so

verify the Bob’s signature.

(26)

Cross-Certification and Multiple Hierarchies

1 2 3

1. Multiple Roots

(27)

Things are getting more and more complex if Hierarchies and

Cross-Certifications are used X509 PKI

Approach to Trust : Problems

(28)

Cross-Certification and Path Discovery

Trusted Root

3

Trusted Root

(29)

X509 PKI

Approach to Legal Aspects

Certificate Policy

Certificate Practice Statement And

(30)

Certificate Policy (CP)

•

A document that sets out the rights, duties and obligations of each party in a Public Key Infrastructure

•

The Certificate Policy (CP) is a document which usually has legal effect

•

A CP is usually publicly exposed by CAs, for example on a Web Site (VeriSign, etc.)

POLICY OUTLINE COMMUNITY &

APPLICABILITY

RIGHTS, LIABILITIES

& OBLIGATIONS CERTIFICATE &

CRL PROFILES

CP

IDENTIFICATION &

(31)

Policy Issues (CP)

•

Liability Issues

•

Repository Access Controls

•

Confidentiality Requirements

•

Registration Procedures

•

Uniqueness of Names

•

Authentication of Users/Organisations

•

Certificate Acceptance

•

Suspension and Revocation (Online/CRL)

•

Physical Security Controls _{목포해양대}

(32)

Certificate Policy Statement (CPS)

•

A document that sets out what happens in practice to support the policy statements made in the CP in a PKI

•

The Certificate Practice Statement (CPS) is a document which may have legal effect in limited circumstances

CERTIFICATE &

CRL PROFILES

INTRODUCTION GENERAL

PROVISIONS

IDENTIFICATION &

AUTHENTICATION

OPERATIONAL REQUIREMENTS SPECIFICATION

ADMINISTRATION

CPS

(33)

IETF (PKIX) Standards

•

X.509 Certificate and CRL Profiles

•

PKI Management Protocols

•

Certificate Request Formats

•

CP/CPS Framework

•

LDAP, OCSP, etc.

•

http://www.ietf.org/

(34)

PKIX 구조적 모델

(35)

PKIX 구조적 모델

•

종단 개체(End entity):

•

인증기관(CA: Certificate authority):

•

등록기관(RA: Registration authority):

•

선택적 요소

•

CA의 등록 관련된 행정적인 기능 수행

•

CRL 발행자(CRL issuer):

•

선택적 요소

•

저장소(Repository):

•

인증서, CRL 저장 장소

(36)

PKIX 관리 기능

• 등록(Registration):

• 사용자가 CA에게 자신을 알리는 절차

• 초기화(Initialization):

• 클라이언트 작동 전 다른 곳에 저장된 키와 적절한 관계를 가지고 있는 키 설치 필요

• 인증(Certification):

• 사용자에게 인증서 발급하여, 인증서를 사용자 클라이언트에 돌려주고 저장소에 저장

• 키 쌍 복구(Key pair recovery):

• 인증된 키 백업설비로부터 자신의 키 쌍 복구

• 키 쌍 갱신(Key pair update):

• 정기적, 비정기적 갱신 _{목포해양대}

(37)

PKIX 관리 프로토콜

•

두 개의 대체가 가능한 PKIX 개체 사이의 관리 프로토콜

정의

•

RFC 2510(“Internet X.509 Public Key Infrastructure Certificate Management Protocol (CMP)”) (obsoleted by RFC

4210(updated by RFC 6712))

•

인증서 관리 프로토콜(CMP: Certificate Management protocol)

•

RFC 2797(“Certificate Management over CMS (CMC)”) (obsoleted by RFC5272(updated by RFC6402))

•

암호 메시지 구문(CMS: Cryptographic Message syntax) 위에서 인증서 관리 메시지 정의

•

RFC 6712 “Internet X.509 Public Key Infrastructure -- HTTP