pki
PKI: Public-Key Infrastructure - Linux Forums
Applications
Desktop
Installations
Multimedia
Misc
Network
Programming
Reviews
Security
Servers
SEARCH FOR:
IN
Articles
Downloads
Forums
Linux Hosting
All Areas
ARTICLE
PKI: Public-Key Infrastructure
Contributed by Frank Pohlmann
in Security
on 2007-05-23 15:39:41
Encryption can help solve the problem of information hiding. It can turn text into randomized
symbols. But what encryption cannot do on its own is to authenticate someone the user has never
met. If you are using public keys accessible to everyone, it is quite impossible to figure out
whether someone of an organization is actually the person or specific organization sending a
particular public key. For this purpose, the Public-Key Infrastructure or PKI was created. Elements for PKI
PKI certifies identity. Using the PKI infrastructure, should, ideally, prove beyond reasonable
doubt that, in the digital world, you are who you say you are.
To be able to prove your own identity, someone has to vouch for you. This happens by someone or
something writing out a digital certificate for you. The someone or something is called a
certificate authority (CA). What (s)he writes out is called a digital certificate. The latter can
be used to prove your identity and you can use it to sign someone else's digital certificate.
This creates a chain, which of course, has to end somewhere. It usually ends in a public CA:
well-known companies, like RSA and VeriSign tend to act as so-called Cas. Their certificates are
called "root certificates" .
PKI vs. asymmetric cryptography
Although asymmetric cryptography is extremely helpful when establishing a CA, it is actually not
really necessary. The keys can be generated using algorithms that are not related to asymmetric
cryptographic systems: it does not make any difference to the validity of the certificate whether
it has been produced by symmetric or asymmetric cryptographic algorithms.
Identity validation by other means
We don't have to use a CA hierarchy to be able to exchange keys. We can also be part of something
called a "Web of Trust" , something implemented by GnuGPG. In principle it is quite simple and
works according to the following steps:
1. The user creates a public-private key pair and then makes his public key pair available.
2. If two or more key-owners meet (so called key-signing parties), they exchange their "real"
identity information, to confirm their identities and then sign each other's digital certificates.
3. Once a large number of people have done this, it is likely that they both know people who can
vouch for their identities. The path of signatures becomes a secure communication link.
4. To be sure that each person can be identified securely, multiple signature chains are a good
idea.
There are other systems to ensure key authenticity and user identity, but they tend to rely to some
extent on both or just variations of the PKI system.
Variations of PKI
Digital certificates contain quite a lot of information: Basically, they show all the information
necessary to identify a person or organization uniquely. Addresses, names and other items are added
to the certificate.
But more importantly, the owner's public key and the CA's digital signature created by the CA. All
elements make up the coveted digital certificate. The standard currently being used by most CA is
the X 509v3 standard. Other varieties include the PGP protocol (in its free and open source
implementations), but they have much less impact globally.
Becoming your own CA
We will get to know the process of setting up a CA. It is perfectly possible to act as your own CA:
the purposes can be manifold; first of all it is extremely useful to set up your own CA and know
the process involved. It also helps you to understand how to get SSL to work and how to set up
client certificates using PKI. Self-certification is not, however, particularly useful to
authenticate yourself to someone else.
Internal CA
An organization might want to be its own CA and distribute digital certificates to its employees.
This can be useful as an alternative to the LDAP or Apache network access control. (Chapter xx)
PKI procedures
We are getting close to actually building a CA and setting up SSL to work with Apache.
The basic procedure to find out whether you are communicating with the correspondent actually
holding the correct certificate is this: first encrypt the digital certificate using your public
key and wait for the respondent to send you the corresponding
The certificates usually consist of the following items:
All certificates need a subject that contains personal or company information. The next item that
often confuses the user is the common name, abbreviated as CN. It is little else but the domain
name of the host being authenticated. Then we get the public key, followed by the signature. The
signature is computed using a one-way hash (MD5 or SHA-1) of the information provided by the user
"subject and CN" and then encrypted using the CA's private key.
If you send the certificate in encoded form, it is called a challenge. The challenge has been
satisfied if the corresponding private key has been used to decode the certificate. The private key
is provided by the CA and thus acts as the guarantee that the name appearing in the certificate is
the name of the person the certificate was issued to by the CA.
You can then continue communicating using private key encryption with the trusted user.
SSL: the Theory
First of all, some nomenclature:
If you look up the Secure Socket Layer Standard in any context, you will always be redirected to
TLS (Transport Layer Security). Owing to past naming issues, and Netscape's role in creating SSL,
TLS is the official name of SSLv3.1, but no one uses the TLS moniker.
TLS has been codified in RFC 2246, but it is complex and most ssl commandline configuration
utilities are difficult to figure out. We will help out, though.
SSL adds security to the transport layer protocol: it secures other protocols as well, like SMTP,
FTP etc. but we are going to deal with http here.
SSL has one distinct disadvantage: it cannot use virtual hosting to recycle Internet Protocol
addresses. The reason is that the HTTP HOST request header is part of the encrypted packet sent
through the channel. To decrypt the header and indeed, the whole packet (or the channel in
question), the web server needs the correct key. It cannot find the right key, however, to decrypt
the packet/channel if it doesn't know where the packet is heading. Thus the only information
accessible to the web server to id the right key is the IP address. It follows that name-based
virtual hosting cannot be used for SSL.
Once the server has an idea who is talking to, further authentication is needed: the server sends
his digital certificate and the client will decrypt it using its private key. Only now can both
sides agree on encryption protocols and private keys to keep each exchange secret.
Data Transfers
Once both sides have a pair of keys to authenticate each other's identity, both parties can switch
to symmetric encryption. They use (or rather, you can determine during configuration) a set of
symmetric encryption protocols until both sides terminate the secure channel.
Versions
Please be aware of the TLS v. 1.1: it is the currently approved version, but so far only very few
clients seem to be able to cope with it.
SSL Security
We need to address several issues before installing and configuring the SSL stack for use with
mod_ssl. The first and most important issue is to determine whether the protocol is secure enough
for production use.
It is still possible to use symmetric ciphers using RC 4 with 256 bit key length, and
authentication should be attempted using 2048-bit key RSA. Please have no illusions about the
security of RC4, however: it has been broken quite a while ago, even though for some purposes it is
still considered fairly secure.
There are a fair number of protocols that should not be used with SSL v3. Low key strengths are a
dead give-away, and so is the presence of DES or SHA 0/1.
The Man in the Middle
All literature and documentation on SSL contains ample warnings about Man in the Middle (MITM)
attacks. As the phrase tells us, it is possible for an attacker to intercept all or part of
communications between two parties.
At the beginning of client-server SSL communication, the client needs to send the intended domain
name and the associated IP address. But first, the client needs to find the IP address (see above).
The client therefore needs to send a DNS query, which is fairly trivial to intercept using a tool
called dsniff.
The Man in the Middle will not only intercept the request, but he will also reply with a fake IP
address and thus interpose himself between client and server. During the handshake, the MITM has to
supply a digital certificate as well, which poses some problems for the attacker.
The classical list of possible MITM attacks on a SSL client goes like this:
1. The attacker might be using a self-signed (!) or a CA-supplied certificate procured from another
website. The warning message that this produces on the client's browser is probably something the
user will ignore.
2. The attacker can just send his own root certificate. The browser then might just import the root
certificate in question. As a result the attacker will find it a lot easier to get his certificates
accepted by other websites.
3. It is possible to get a root certificate by conducting some ingenious social engineering.
Disgruntled employees might be inclined to use their powers to let an attacker have a root
certificate. It would enable an attacker to provide a valid certificate for the target website.
Further SSL Problems
There are issues that concern all users of SSL and they will recur on several occasions in this
course.
- As we already know, SSL is not an end-to-end solution. As we have seen during the discussion of
the SSL handshake, it cannot start an encrypted channel by encrypting all information used during
the handshake. E.g. There is a common mistake using form-to-email scripts that enable a user to
send confidential information to the SSL-enabled webserver. Needless to say that form-to-email
scripts should never be used for any confidential information, let alone to initiate an SSL session.
- Certificates that are self-signed, invalid or expired lead to browser warnings. These warnings
should be treated with some degree of respect. MITM attacks are often executed in this fashion
(s.a.). This is still a user issue, although browser writers should be able to deal with this issue
in the course of time. For the time being, all self-signed certificates should be rejected out of
hand. Expired certificates from sites that you used to visit regularly should be treated as
opportunities to write a polite email reminding the web administrator to renew the digital
certificate.
- Invalid certificates are a different matter. If you want to be safe, don't proceed to the
website. If you are asked for confidential information, do not provide it. It is possible that
invalid certificates are provided due to a
- some browsers do not compare certificates to this day. When an MITM has been executed and DNS
information has been stolen, it is a simple matter of building an identical website to redirect the
web traffic and collect confidential information.
Phishing attacks have similar intent and often lead to redirecting traffic and misleading
unsuspecting users into providing confidential information of all kinds.
Conclusion
We have now the basics to understand setup of the OpenSSL library and to use mod_ssl on Apache. We
will also set up our own Certificate Authority, but you should not be tempted to compete with
VeriSign just yet. For internal use, however, you should be able to implement an Intranet with
Certificate-based Server authentication in place.
We left out Client-side authentication: it is possible to do use that, but given time constraints,
we have to leave it as the proverbial exercise for the reader.Discuss!
MENU
Linux ForumLinux DownloadsForum ArchiveAdvertise With UsWrite For UsContact Us
SPONSORS
Web Hosting
Web Hosting
Web Hosting
Web Hosting Providers
Web Development
Put your link here!
About Us
Contact Us
Advertise
Top
A Core Root Property - All Rights Reserved
разделы
плазменный панель настенный
гайковерт электрический
kyiv apartaments service
газонокосилка dolmar
чиллеры
мачта флагшток
купить видеокарту
факсимиле
лечение головокружение
искать фотограф
внешний антенна
девелоперская компания
touch screen
цепной конвейер
рукавичка доставка
флажок настольный
зубной протез
шелкография
цвет гармония
лечение зарубежом
холодильник либхер
жаропрочный фарфор revol
надевание бахила
газонокосилка dolmar
магнитно-маркерные доска
герб вышивка
морозильный витрина
фирменый цвет
мурано
покраска аэротенк
красный площадь васильевский спуск
телефонный анкетирование
доставка окон
швейцария культура
набор гинекологический
гравировальный бур
длинный нард
билет задорнов
kiev apartaments service
стелаж
лекарство рак
мелованный бумага
охота лис
ароматный мир
авиатакси
бюджетирование
враждебный поглощение
детский гинеколог
слим лифт
врач акушер гинеколог
магнитно-маркерные доска
кофе колониальный товар
стопный пластырь
zip lock
восстановление файл
кс-4361
доставка дров
учет данный автошкола
северский доломит
автоинформатор
антиобледенительные система
сканер штрихкодов
доставка суша
люминисцентная краска
tag heuer
qtek
папиллома
dunlup 205 55 r16
корпаративные вечеринка
сглаз
карбид кальций
мва
сэндвич кофе-бар
рак кишка
газонокосилка stiga
медикаментозный прерывание беременность
огнестойкий краска
откачка туалет
электрокардиограф
ферромолибден
оповещение
дэнас
диспорт
kyiv apartments service
билет цдкж
проведение анкетирование
аденома предстательный железа
электро лаборатория
генерация кислорода
зеркало багуа
pki