بسم اللهبسم الله

PKI Revealed PKI Revealed

Ayman SaeedAyman Saeed

AgendaAgenda• Cryptography Review .• PKI …… WHY and HOW!!!!! .• X.509 Certificate .• PKI Hierarchies Certification .• Practical Implementation of

PKI .

• Cryptography is not encryption , cryptography is a framework by which Cryptography is not encryption , cryptography is a framework by which we can ensure the CIA triad for our information ; C for confidentiality , I we can ensure the CIA triad for our information ; C for confidentiality , I for Integrity and A for authenticity .for Integrity and A for authenticity .

• We can achieve confidentiality by using encryption service , we can We can achieve confidentiality by using encryption service , we can ensure the Integrity of a message by hashing it and we can finally ensure the Integrity of a message by hashing it and we can finally authenticate the sender by using a combination of encryption and authenticate the sender by using a combination of encryption and hashing .hashing .

• Cryptosystem is the implemented form of the cryptographic framework Cryptosystem is the implemented form of the cryptographic framework , it consists of these three components :, it consists of these three components :1- algorithms : cryptographic engines for doing encryption and hashing 1- algorithms : cryptographic engines for doing encryption and hashing ..2- protocols : for establishing connections and negotiating parameters 2- protocols : for establishing connections and negotiating parameters between the communicating parties .between the communicating parties .3- keys : for encryption algorithms .3- keys : for encryption algorithms .

• SSL , IPSEC , SSH and PGP are good examples to be cryptosystems .SSL , IPSEC , SSH and PGP are good examples to be cryptosystems .

Cryptography ReviewCryptography Review

•Encryption can be done symmetrically and asymmetrically . Encryption can be done symmetrically and asymmetrically .

•For symmetric encryption , we are encrypting clear messages using For symmetric encryption , we are encrypting clear messages using a key and we are decrypting cipher messages using the same key . a key and we are decrypting cipher messages using the same key . DES , 3DES , Blowfish , IDEA , RC5 , Safer , Serpent and AES are the DES , 3DES , Blowfish , IDEA , RC5 , Safer , Serpent and AES are the well known symmetric encryption algorithms .well known symmetric encryption algorithms .

•For asymmetric encryption , we are encrypting For asymmetric encryption , we are encrypting clear messages using a key and we are clear messages using a key and we are decrypting cipher messages using a different decrypting cipher messages using a different key . RSA , ECC , ElGamel and Knapsack are the key . RSA , ECC , ElGamel and Knapsack are the well known asymmetric encryption algorithms .well known asymmetric encryption algorithms .

•Symmetric encryption suffers from two major problems :Symmetric encryption suffers from two major problems :

1- it requires “ out of band “ exchange of keys .1- it requires “ out of band “ exchange of keys .

2- not scalable , each pair of communicators should have a 2- not scalable , each pair of communicators should have a different different key to use .key to use .

•Asymmetric encryption suffers from only one major problem :Asymmetric encryption suffers from only one major problem :

Very slow compared to symmetric encryption , up to 1000 Very slow compared to symmetric encryption , up to 1000 times times slower. slower.

•So , symmetric encryption is the normal choice for encrypting large So , symmetric encryption is the normal choice for encrypting large amount of data , asymmetric encryption is used as the “out of band” amount of data , asymmetric encryption is used as the “out of band” way for symmetric encryption key distribution .way for symmetric encryption key distribution .

•Diffie-Hellman algorithm is considered as an implementation of key Diffie-Hellman algorithm is considered as an implementation of key distribution using asymmetric pair of keys . Mohamed will generate distribution using asymmetric pair of keys . Mohamed will generate two (public and private ) keys using his own Diffie-Hellman algorithm , two (public and private ) keys using his own Diffie-Hellman algorithm , Ali will do the same thing ; then , both of them will exchange his own Ali will do the same thing ; then , both of them will exchange his own public key , so Mohamed will have his own private key and Ali’s public public key , so Mohamed will have his own private key and Ali’s public key , he will use his Diffie-Hellman algorithm to generate a new private key , he will use his Diffie-Hellman algorithm to generate a new private key ; Ali will have the same private key if he does the same operation .key ; Ali will have the same private key if he does the same operation .

•As we have mentioned before data integrity can be ensured using As we have mentioned before data integrity can be ensured using ……. Hashing .……. Hashing .

•Hashing is an irreversible process , with no keys .Hashing is an irreversible process , with no keys .

•MD2 , MD4 , MD5 , SHA , HAVAL , RIPE and Tiger are the well known MD2 , MD4 , MD5 , SHA , HAVAL , RIPE and Tiger are the well known hashing algorithms .hashing algorithms .

•But we did not notice that we have a big huge weakness , if we are But we did not notice that we have a big huge weakness , if we are depending only on these hashing algorithms .depending only on these hashing algorithms .

•A simple newbie can execute an MITM A simple newbie can execute an MITM attack , and he will be able to receive the attack , and he will be able to receive the message with digest from the sender so as message with digest from the sender so as to create a new fake message with a new to create a new fake message with a new generated hash (using the same hashing generated hash (using the same hashing algorithm) to be sent to the poor receiver .algorithm) to be sent to the poor receiver .

•We can solve this problem by using HMAC We can solve this problem by using HMAC with any hashing algorithm .with any hashing algorithm .

•This is our last step for the CIA triad , how can we ensure authenticity This is our last step for the CIA triad , how can we ensure authenticity using cryptography !!! using cryptography !!!

•Digital signature is used for achieving authenticity in a Digital signature is used for achieving authenticity in a cryptographic form , it uses a combination of hashing and cryptographic form , it uses a combination of hashing and asymmetric encryption .asymmetric encryption .

PKI …… WHY and PKI …… WHY and HOW!!!!!HOW!!!!!•Public Key Infrastructure is a Public Key Infrastructure is a TrustTrust Connectivity media , I need to Connectivity media , I need to

trust the sender before beginning a new session with him , but I do not trust the sender before beginning a new session with him , but I do not have a direct look at him , how can I know that this public key is the have a direct look at him , how can I know that this public key is the one owned by the real sender; I need someone between us , someone one owned by the real sender; I need someone between us , someone that I can trust and that can trust this remote sender .that I can trust and that can trust this remote sender .

•How do I know I can trust you?How do I know I can trust you?Answer: The CA trusts me.Answer: The CA trusts me.

•How do I know the CA trusts you ?How do I know the CA trusts you ?Answer: you can see my certificate Answer: you can see my certificate issued by the CA.issued by the CA.

•PKI infrastructure can be divided into four basic subsystems :PKI infrastructure can be divided into four basic subsystems :•Registration AuthorityRegistration Authority•Certification AuthorityCertification Authority•Certification RepositoryCertification Repository•Certification revocation systemCertification revocation system

•Registration authority will deal the requester , who and why?? It Registration authority will deal the requester , who and why?? It could be an office with some humans to evaluate the requester or it could be an office with some humans to evaluate the requester or it could be a piece of software .could be a piece of software .

•Certification authority will issue the certificate for the requester as Certification authority will issue the certificate for the requester as it is requested by the Registration authority .it is requested by the Registration authority .

•All certificates issued by the CA will be stored in a certificate All certificates issued by the CA will be stored in a certificate repositoryrepository

•Amr wants to participate in a PKI process:Amr wants to participate in a PKI process:•He will send a request for the registration authority to be given He will send a request for the registration authority to be given a certificate.a certificate.•RA will validate Amr’s Identity .RA will validate Amr’s Identity .•RA will send a request for CA with Amr information.RA will send a request for CA with Amr information.•CA will generate the certificate and will send it to Amr.CA will generate the certificate and will send it to Amr.•A copy from this certificate will be saved at the certificate repo.A copy from this certificate will be saved at the certificate repo.

•The certificate that will be issued for Amr will have only his public The certificate that will be issued for Amr will have only his public Key , it will not carry Amr’s private key as it will be viewed for the Key , it will not carry Amr’s private key as it will be viewed for the public . So where is the private key !!.public . So where is the private key !!.

•Before requesting the certificate , Amr can generate both public Before requesting the certificate , Amr can generate both public and private keys at his PC , he can enclose the generated public key and private keys at his PC , he can enclose the generated public key with the certificate with the certificate requestrequest , CA will use this public key for the new , CA will use this public key for the new issued certificate .issued certificate .

•As a second option , CA can generate both public and private keys , As a second option , CA can generate both public and private keys , Amr can have his private “out of band” .Amr can have his private “out of band” .

X.509 CertificateX.509 Certificate

•Before we proceed into the certificate anatomy ; I would like to predict Before we proceed into the certificate anatomy ; I would like to predict the certificate structure from the view of what we really need from the the certificate structure from the view of what we really need from the certificate itself . certificate itself .

•The certificate is a proof of trust from the CA to a specific user , so it The certificate is a proof of trust from the CA to a specific user , so it should declare the name of this user ( this is the certificate of should declare the name of this user ( this is the certificate of amr.saeed) .amr.saeed) .

•The certificate should declare the authority that issued this certificate The certificate should declare the authority that issued this certificate (xyx.company) .(xyx.company) .

•The certificate should have the public key of Amr in a clear form . The certificate should have the public key of Amr in a clear form .

•The contents of this certificate should be hashed and digitally signed The contents of this certificate should be hashed and digitally signed by the issuer CA .by the issuer CA .

•This is This is X.509X.509 certificate anatomy :certificate anatomy :

•This certificate’s version is V3 , serial number is 6b 3c ……. , This certificate’s version is V3 , serial number is 6b 3c ……. , signature algorithms are SHA with RSA , issuer is Class 3 …….. Etc.signature algorithms are SHA with RSA , issuer is Class 3 …….. Etc.

•This is the sequence of signing a digital certificate :This is the sequence of signing a digital certificate :

•This is the sequence of verifying a digital certificate :This is the sequence of verifying a digital certificate :

•Certificate loses its validity in one of these three cases :Certificate loses its validity in one of these three cases :

1-loss of integrity .1-loss of integrity .

2-date expiration .2-date expiration .

3-being revoked .3-being revoked .

•Certificate revocation can be done if we have a sudden change ; a Certificate revocation can be done if we have a sudden change ; a user loses his private key , someone leaves the company or user loses his private key , someone leaves the company or something like that .something like that .

•Loss of integrity and date expiration can be easily known by the Loss of integrity and date expiration can be easily known by the entity that receives the certificate ; how do this entity know that this entity that receives the certificate ; how do this entity know that this certificate had been revoked !!! this the new problem that we should certificate had been revoked !!! this the new problem that we should solve.solve.

•Each of your trusted certification authorities should have a list of Each of your trusted certification authorities should have a list of revoked certificates that were issued by this CA . This list is known revoked certificates that were issued by this CA . This list is known as Certificate Revocation List (CRL) and this list should be as Certificate Revocation List (CRL) and this list should be broadcasted to all systems that trust this CA .bbroadcasted to all systems that trust this CA .b

•Each system should check CRL advertised by the CA that issued the Each system should check CRL advertised by the CA that issued the received certificate .received certificate .

•Let us assume two situations to deal with , for a solid Let us assume two situations to deal with , for a solid understanding of PKI Hierarchies and Cross-Certification:understanding of PKI Hierarchies and Cross-Certification:

We have a big company We have a big company that has multiple that has multiple branches , each branch branches , each branch should have a dedicated should have a dedicated CA for issuing certificates CA for issuing certificates in this branch ; these in this branch ; these branches should be branches should be authorized from authorized from subordinate CAs and subordinate CAs and subordinatesubordinate CAs should be CAs should be authorized from one root authorized from one root CA . This is known as CA . This is known as hierarchal cross-hierarchal cross-certification .certification .

PKI Hierarchies CertificationPKI Hierarchies Certification

•The CA at the top of the hierarchy is called a root CA . Root CAs have The CA at the top of the hierarchy is called a root CA . Root CAs have self-signed certificates. Root CAs are the most trusted CAs in the self-signed certificates. Root CAs are the most trusted CAs in the organization . Child CAs are called subordinate CAs . Subordinate CAs organization . Child CAs are called subordinate CAs . Subordinate CAs are certified by the parent CAs. A parent CA certifies the subordinate are certified by the parent CAs. A parent CA certifies the subordinate CA by issuing and signing the subordinate CA certificate. A subordinate CA by issuing and signing the subordinate CA certificate. A subordinate CA can be either an intermediate or an issuing CA. An intermediate CA CA can be either an intermediate or an issuing CA. An intermediate CA issues certificates only to subordinate CAs. An issuing CA issues issues certificates only to subordinate CAs. An issuing CA issues certificates to users, computers, or services.certificates to users, computers, or services.

•So if a user receives a certificate that was issued by a CA which is a So if a user receives a certificate that was issued by a CA which is a member in a hieratical cross certification model , this certificate should member in a hieratical cross certification model , this certificate should contain its certification path .contain its certification path .

•The belowfigure shows an example of certification path . The recipient The belowfigure shows an example of certification path . The recipient should verify theses certificates one by one starting from bottom to top should verify theses certificates one by one starting from bottom to top with the condition >>>>>>> the user trusts the root CA .with the condition >>>>>>> the user trusts the root CA .

أشهد وبحمدك اللهم أشهد سبحانك وبحمدك اللهم سبحانكانت اال اله ال انت ان اال اله ال ان

اليك وأتوب اليك أستغفرك وأتوب أستغفرك