4th October 2008CPE Meet - K S Sesha Prakash1 Today’s subject - PKI is the answer Public Key Infrastructure Answer ?? For what and why

4th October 2008 CPE Meet - K S Sesha Prakash 1

Today’s subject - PKI is the answer

Public Key Infrastructure

Answer ??

For what

and why


This session is

Functionally orientated than technical.Shows why a PKI is neededWill give a glimpse of PKI structure in India.

My exposure to PKI is from the audits I have conducted on one of the CA’s and several RA’s across India. The subject has fascinated me ever since.

I have borrowed information from the sites of CCA, RCAI, IDRBT, WIKIPEDIA and many other web-sites.

I acknowledge their copyrights to some of the information reproduced here.



Cryptography is the root cause for the structure of PKI.

PKI’s have their origins to fulfill the need

• how to share a secret between two & MORE so between groups without compromise

• how to believe that the information originates from the very person claiming to have sent it



The Paper World

• A paper document consists of four componentsthe carrier ( the sheet of paper)text and pictures ( the physical representation of information)information about the originatormeasures to verify the authenticity (handwriting / written signature)

• All the four components are physically connectedSo, paper is the document

• There is only one originalcan be reproduced in innumerable copies

• Signature• Supposed to be unique, difficult to be reproduced, not changeable and not

reusable• Its main functions

identificationdeclarationproof

• The signature is used to identify a person and to associate the person with the content of that document always relates to a physical person



Electronic World

• Electronic document produced by a computer, is stored in digital form, and cannot be perceived without using a computerIt can be deleted, modified and rewritten without leaving a mark or trailIntegrity of an electronic document is “genetically” impossible to verifyA copy is indistinguishable from the originalIt can’t be sealed in the traditional way, where the author affixes his

signature

• The functions of identification, declaration, proof of electronic documents carried out using a digital signature based on cryptography.



To Understand, we need to know certain words and their means before proceeding

Plain textCipher textEncryption Decryption

AlgorithmKey

Key exchangeSymmetric Key Asymmetric key

Message digest / HashDigital SignatureElectronic SignatureElectronic Document



Plain text is just plain textCipher text is garbled text, which prima facie one will not be able to read / understandProcess of converting the plain text to cipher text is ENCRYPTIONThe reverse process is DECRYPTION

If software does the encryption or decryption, the method adopted is algorithm

Key is the actual secret which can unravel the encryption



A Symmetric Key, the same key (or Secret Key) can encrypt or decrypt the message – Symmetric cryptography

An asymmetric key on the other hand is a pair. One key encrypts and the other decrypts. The same key cannot encrypt and decrypt.

To distinguish the keys the terminology used is the Private Key and Public Key.

The Private Key is held secret by the owner and the Public Key is distributed. – Who distributes?



A hash or a message digest is a one way hash – it is of fixed length. It is a unique value for a given data. Any difference would result in a different value & give the same value every time it is recomputed for the same data. It cannot be reversed in the sense that you cannot deduce the original content – hence one way.


The message length is not the criterion.

Hash algorithms return only a fixed length.

The hash value changes even if there is a small change in the content and returns the same value every time it is recomputed.

This assures message INTEGRITY

http://hashes-2.php.htm/

http://hashes-1.php.htm/


Large volume messages or data is normally encrypted by Symmetric Cryptography and DES (Data Encryption Standard) or Triple DES or AES (Advanced Encryption Standard).

You have a key (symmetric key) which works both ways here. This Ensures CONFIDENTIALITY

This Symmetric Key is to be a secret between two person only. If is More it becomes difficult to pin down a message to a single person.Hence each pair should have one key. If the community is large?No. of Keys required is - No. of people N*(N-1) / 2 Keys

2 persons – 1 Key : 3 persons – 3*(3-1) / 2 ie., 4 Keys10 persons – 10*(10-1) / 2 ie., 45 Keys1000 persons – 1000*(1000-1) / 2 ie., 4,99,500 Keys

How to distribute these key? & How will you remember whose key is to be applied to which messageMore so, if the parties are geographically far apart and instantly (internet)Possibility of interchange and therefore key compromise



Large volumes of either data or text messages cannot be viably done by asymmetric cryptography due to requirement of large computing resources.

Hence, it is commercially used for small amount of data or text. Now you have a pair of keys, one a private key & the other a public key.


-----BEGIN RSA PRIVATE KEY----- MIIBOwIBAAJBAL2wXgtEGWTa/AwoSd9sdMULcaTBDxXvQbZPedno8AbpcaZNIkSU 4aq/rGQZzwM8wnUTwQSvfRrLwTKsS0X7xQkCAwEAAQJAMUkV5k93WaEcQ/xj1U1U ua3ThT80MDrOFBRqUJgZZXHnlCt7/e72eeXmVZD6Brm9HRLCcMNbwdWXM5omNvsX EQIhAOc/xbqqByFgmFIKfl7MiZ5iJTu+XXDYvSTN+8v4et2rAiEA0f3Yhqw/3lhH s+ajFO5rZpo9fJ9Li5vR+l5LcOnHLBsCIQC5I2h1kqzUvxYUEMytrwm64Q64Lyd2 Mj/0GGmwGoabswIgP6NTPDT1Qhe02yM5Jv2+FKEHoz3PMibtspdi+3wNfSMCIQDP LH8G7XRMAthvEGPfO9ojqj84/FuHkpMs4OOi32Jwtg== -----END RSA PRIVATE KEY----- -----BEGIN PUBLIC KEY----- MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL2wXgtEGWTa/AwoSd9sdMULcaTBDxXv QbZPedno8AbpcaZNIkSU4aq/rGQZzwM8wnUTwQSvfRrLwTKsS0X7xQkCAwEAAQ== -----END PUBLIC KEY-----

The Private Key is held secret by the owner and the Public Key is distributedThis ensures NON REPUDIATION. The private key should always be a secret.

So now it is possible to send the public key with encrypted message over unsecured channels also.


Digital signature is the message hash and Symmetric key of the message – both are encrypted and signed by the private key.

A digital signature is not unique to an individual. It is unique to a messageEx. Of digital signatures of same person on different documents is as under


As against the digital signature an Electronic or digitized signature described by many court rulings is the actual signature which can be scanned and reproduced

I agreeefcc61c1c03db8d8ea8569545c073c814a0ed755My place of birth is at Gwalior.fe1188eecd44ee23e13c4b6655edc8cd5cdb6f25I am 62 years old.0e6d7d56c4520756f59235b6ae981cdb5f9820a0I am an Engineer.ea0ae29b3b2c20fc018aaca45c3746a057b893e7I am a Engineer.01f1d8abd9c2e6130870842055d97d315dff1ea3



To summarize : When a message is sent or received, we need to ensure the following:

Data integrity – is about data not changed since the time it was sent by the originator and received by the recipient - Hash / Message hash addresses this.

Confidentiality – Encryption (preferably Symmetric Cryptography) addresses this as only the recipient can decrypt the message/data. We assume that the key is available only with both the originator and the recipient.

Non-repudiation – The key pair (Public and Private ie., Asymmetric Cryptography) addresses this. Only the originator can encrypt the message / data with his private key



Identification and authentication – In a small community this is easily addressed through out of band channels. However, within the global community, this becomes difficult.

Key Transport / Key distribution – as above, possible in a small community and not in a global community.

In global communities, how to ensure the originator is genuine ie., whom to trust?

PKI will address these issues.


Information Technology Act• IT Act 2000 : Basic legal framework for E-Commerce - promotes trust

in electronic environment – gazetted on 9th June 2000 • IT Act creates a conducive environment for promoting E-Commerce

in the country.

Acceptance of electronic documents as evidence in a court of law.

Acceptance of electronic signatures at par with handwritten signatures

Acceptance of electronic documents by the government.

Defines digital signatures based on asymmetric public key cryptography

Provides for the creation of Certifying Authorities to issue public key certificates – digital certificates for electronic authentication of users in electronic commerce.



The Controller of Certifying Authorities (CCA)

• Appointed by the Central Government under section 17 of the IT Act.

• Came into existence on November 1, 2000.• Aims at promoting the growth of E-Commerce and E-Governance

through the wide use of digital signatures.



Trust in Electronic Environment in India• Controller of Certification Authorities in position : Root of trust,

National Repository• Licensed CAs• Digital signatures for signing documents• Certificates, CRLs for access by relying parties• PKI operational• Other provisions of the IT Act – Cybercrimes not to go unpunished



PKI Hierarchy in India

CCA

CA CACA

RelyingParty

SubscriberSubscriber

Directory ofCertificates

CRLsDirectory ofCertificates

Subscriber

RA



Seven CA’s has been licensed

• Safescrypt - A subsidiary of Satyam Infoway• National Informatics Center (NIC) - Govt. of India• Institute for Development & Research in Banking Technology (IDRBT) – A society of RBI• Tata Consultancy Services (TCS)• M T N L• Customs & Central Excise• (n) Code Solutions - (A div. of Gujarat Narmada Valley Fertilizers Co. Ltd.)


PKI Standards

Public Key Cryptography RSA - Asymmetric Cryptosystem Diffie-Hellman - Asymmetric Cryptosystem Elliptic Curve Discrete Logarithm Cryptosystem

Digital Signature Standards RSA, DSA and EC Signature Algorithms MD5, SHA-1 - Hashing Algorithms

Directory Services (LDAP ver 3) X.500 for publication of Public Key Certificates and Certificate Revocation Lists X.509 version 3 Public Key Certificates X.509 version 2 Certificate Revocation Lists

PKCS family of standards for Public Key Cryptography from RSA PKCS#1 – PKCS#13 (Public Key Cryptography Standard)

Federal Information Processing Standards (FIPS) FIPS 140-1 level 3 and above for Security Requirement of Cryptographic Modules


Controller of Certifying Authorities as the highest authority of the Trust structure in India. All CA’s in India are under the Umbrella of the CCA. The CCA is under the Ministry of Commerce.

CCA to CA is the equivalent of Registrar of companies to Limited companiesRegistrar of firm to partnershipsRegistrar of societies to societies and associations

We need to know the terms CA – Certifying AuthorityRA – Registration AuthorityPKI repositoryCRL – Certificate Revocation List



• Some Trusted Agency is required which certifies the association of an individual with the key pair.

Certifying Authority (CA)

• This association is done by issuing a certificate to the user by the CA

Public key certificate (PKC)

• All public key certificates are digitally signed by the CA



Certifying Authority


• Must be widely known and trusted• Must have well defined Identification process before issuing the certificate• Provides online access to all the certificates issued• Provides online access to the list of certificates revoked• Displays online the license issued by the Controller• Displays online approved Certification Practice Statement (CPS) • Must adhere to IT Act/Rules/Regulations and Guidelines


IDRBT CertificatePaper Electronic



Public-Key Certification

Signed by using

CA’sprivate

key

Signed by using

CA’sprivate

key

UserName &

other credentials

UserName &

other credentials

User’s Public

key

User’s Public

key

User Certificate

Certificate Database

Publish

CertificateRequest

User Name

User’s Public Key

CA’s Name

Validity

Digital Signature of CA

Certificate Class

User’s EmailAddress

Serial No.

Key pair Generation

Private

Public

Web site of CA

User 1 certificate

User 2 certificate.

Public

License issued by CCA



The CA has to ensure the identity of the holder of the key pair to enroll

The CA itself may have the facility to do so

The CA may hive the arm of processing the identity of a Key Pair holder to an Registration Authority or RA

The RA in such an event follows a set of processes to identify the person with the key pair

Only when the RA is convinced, it will request the CA to issue the Digital Certificate for the Public key held by the applicant person.

A pictographic representation of the process

How a Digital Certificate is downloaded from the net.


Registration Authority


Classes of Certificates:

Class 1 CertificateClass 2 CertificateClass 3 Certificate – for servers, objects and Code

Types of Certificates:

Signing certificateEncryption certificateWeb Server CertificateClient CertificateObject Signing Certificate



PKI ArchitectureEnterprise architecture

Hierarchical Infrastructure (Root CA)Mesh infrastructure (Cross Certificate Pair)Bride PKI architecture


Bridge CA --

Principle CA

Peer CA

Subordinate CA

A Bridge CA may not be trusted by himself. You trust because your Principle CA has issued a self signed certificate to the Bridge CA & The Bridge CA to the Principle CA


PLEASE MAKE IT A POINT TO VOTE – It is your only Weapon- It is in your hand to make Democracy survive



OPEN FORUM

– Any Question?


Documents

4th October 2008CPE Meet - K S Sesha Prakash1 Today’s subject - PKI is the answer Public Key Infrastructure Answer ?? For what and why