1 pki systems concepts, processes, components tÜrktrust information security services inc. mert...

1

PKI SYSTEMS

Concepts, Processes, Components

TÜRKTRUST Information Security Services Inc.

Mert ÖZARARProject Senior Engineer

[email protected]

© 2005-2008 TÜRKTRUST Information Security Services Inc. All Rights Reserved. 2

AgendaCertification Authority (CA) / Certification Service Provider (CSP)Electronic Signature and Legal ValidityElectronic CertificatePKI Functions and TechnologyPKI Components and Business ModelsTrust Models and PKI ArchitecturesCertificate Life Cycle – Certificate Application, Registration, Issuance, Dissemination, Renewal, Rekey, Suspension and Revocation Processes


Certification Authority (CA)Certification Service Provider (CSP)

Certification Authority: Authority trusted by one or more users to create and assign certificates (ITU-T Recommendation X.509) – definition of “ETSI TS 101 456 – Policy requirements for certification authorities issuing qualified certificates”‘Certification-service-provider’ means an entity or a legal or natural person who issues certificates or provides other services related to electronic signatures – definiton of “EU Directive 1999/93/EC on a Community framework for electronic signatures”


Electronic CertificateService Provider (ECSP)Article 8 (Turkish Electronic Signature Law no. 5070)Electronic certificate service providers shall be public entities and establishments and natural persons or private law legal entities that provide electronic certificates, time-stamping and other services related to electronic signatures

Related servicesManagement of electronic certificate application, generation, dissemination, revocation and renewal processesCertificate status information services (CRL/OCSP)Keeping the records for certification operationsTime stamping services


Electronic CertificateService Provider (ECSP)

It is indispensable for an ECSP to own the following principles in order to be able to maintain its processes appropriately:

Trust and reliabilityCapability and expertiseStability and continuityImpartialityTechnical and physical infrastructureQuality focused customer services


“Electronic Signature” Definition

EU Directive 1999/93/EC‘electronic signature’ means data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication;

(also ETSI TS 101 456 definition)


“Advanced Electronic Signature” Definition

EU Directive 1999/93/EC‘Advanced electronic signature’ means an electronic signature which meets the following requirements:

(a) it is uniquely linked to the signatory;(b) it is capable of identifying the signatory;(c) it is created using means that the signatory can

maintain under his sole control; and(d) it is linked to the data to which it relates in such

amanner that any subsequent change of the data isdetectable.



“Qualified Electronic Signature” Definition

EU Directive 1999/93/ECQualified Electronic Signature: Advanced electronic signature which is based on a qualified certificate and which is created by a secure-signature-creation device.



Electronic Signature in Turkish Legislation

Turkish Electronic Signature Law (No. 5070) has been put into effect on July 23, 2005.Regulations have been published by Turkish Telecommunications Authority on January 6, 2005.

Electronic Signature Law (no.5070) – TURKEY

Article 3.b – Electronic Signature

Data in electronic form that are attached to other electronic data or logically linked to that electronic data and used for authentication.


Secure Electronic Signature

a) is exclusively assigned to the owner of signature

b) is generated with the secure electronic signature creation device which is kept under sole control of the signature owner

c) enables the identification of the signature owner based on the qualified electronic certificate

d) enables to detect whether signed electronic data is altered or not subsequently

Article 4 – Secure Electronic Signature (Law no. 5070)


Legal Validity of Secure Electronic SignatureEU Directive 1999/93/EC

Member States shall ensure that advanced electronic signatures which are based on a qualified certificate and which are created by a secure-signature-creation device:

(a) satisfy the legal requirements of a signature in relation to data in electronic form in the same manner as a handwritten signature satisfies those requirements in relation to paper-based data; and

(b) are admissible as evidence in legal proceedings.


Legal Validity of Secure Electronic Signature

Article 5. (Law no. 5070)

Secure electronic signature shall have the same legal effect with that of handwritten signature.

Secure electronic signature shall not be applicable to legal proceedings subject to a special procedure or an official form pursuant to laws and warranty contracts.


“Certificate” DefinitionEU Directive 1999/93/EC

‘Certificate’ means an electronic attestation which links signature-verification data to a person and confirms the identity of that person.

ETSI TS 101 456Certificate: Public key of a user, together with some other information, rendered un-forgeable by encipherment with the private key of the certification authority which issued it (see ITU-T Recommendation X.509).


X.509 Identitiy Certificates1988: ITU-T X.509 version 1 (v1) certificates1993: ITU-T X.509 version 2 (v2) certificates1996: ITU-T X.509 version 3 (v3) certificates

More fields were needed to carry information. The v3 format extends the v2 format by adding provision for additional extension fields. (IETF RFC 3280 – Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile)

Current use X.509 v3 certificate format X.509 v2 CRL format


“Qualified Certificate” Profile

IETF RFC 3739 – Internet X.509 Public Key Infrastructure Qualified Certificates Profile

It is based on [X.509] and [RFC 3280], which defines underlying certificate formats and semantics needed for a full implementation of this standard.This profile includes specific mechanisms intended for use with Qualified Certificates.


“Qualified Certificate” ProfileETSI TS 101 862 – Qualified Certificate Profile

The following statements are defined in the document:

Statement claiming that the certificate is issued as a Qualified Certificate;Statement regarding limits on the value of transactions for which the certificate can be used;Statement indicating the duration of the retention period during which registration information is archived;Statement claiming that the private key associated with the public key in the certificate resides within a Secure Signature Creation Device.


Electronic Certificate

Article 3.i – Electronic CertificateElectronic data binding the signature verification data of the signature owner to identity data of that person

Name Surname

X.509


Qualified Electronic Certificate

Certificate serial numberIssuer and country information A statement identifying the certificate as qualifiedCertificate owner’s identification informationProof of authority to act on behalf of someone else Occupation informationCertificate usage conditionsCertificate validity period

Qualified Electronic Certificate

Signature Verification

Data(Public Key)

ECSP’s Electronic Signature

Article 9 (Law no.

5070)


Common Certificate Types

Qualified Electronic Certificates (QEC)SSL Server CertificatesObject Signing CertificatesSecurity Certificates / Simple Electronic Certificates

Root Certificates


Why Electronic Signature?Electronic signature allows secure transactions through electronic media in the following applications while enabling time, money and human resources savings.

Electronic correspondence and agreements Legal processesFinancial and banking applications Electronic transactions with governmental bodiesInsurance applicationsBusiness processes running on ERP or document management applicationsE-government, e-commerce, e-business applications


Identity FraudIdentity Fraud ((IdentityIdentity))

Eavesdropping Eavesdropping ((ConfidentialityConfidentiality))

InternetInternet

Barış Ayşe

Bora

ModificationModification((IntegrityIntegrity))

InternetInternet

AyşeBarış

Bora

BankInternetInternet

Barış

InternetInternet

AyşeBarış

Bora

Send 10.000 USD to my account!

Payment should be

done!

I will receive the payment

soon!

Bora

Where is the payment?

?!?

I didn’t withdraw the money!

Send 100.000 USD!

Barış (Bora): Send the payment to this account.

What is going on?

People can repudiate People can repudiate ((Non-repudiationNon-repudiation))


Basic PKI Functions

Confidentiality

IdentityIntegrityNon-repudiation

E-signature

Encryption


Key Pair

Article 3.d – Signature Creation Data (Law no. 5070)Unique data such as password and cryptographic keys belonging to signature owners and being used by signature owner in order to create electronic signatures

Article 3.f – Signature Verification Data (Law no. 5070) Data such as passwords and cryptographic public keys used for the verification of electronic signatures


Hashing AlgorithmsHashing Algorithms

Always downsizes the message to a fixed length hash valueThe message could not be regenerated using the hash valueNo two different messages have the same hash value

Hallo

F&r

Hello

$½HASH

Output

Inp

ut

Inp

ut Output

SHA-1, SHA-2, MD5


E-Signature Technique

?= Y Sign

?=NSign X

Hello

=?

;+?(^!’;+?(^!’

RSA

;+?(^!’Output

Input

$½

$½

$½

RSA

Input

Input

InputHello

Output

SHA-1SHA-1

Signature creation

device

Signature verificatio

n device

Signature creation

data

Signature verificatio

n data


Secure Electronic SignatureCreation Devices

a) Electronic signature creation data produced by those devices are unique

b) Electronic signature creation data recorded in those devices cannot be derived in any means and their secrecy is assured

c) Electronic signature creation data recorded in those devices can not be obtained or used by third parties and electronic signatures are protected against forgery

d) The data to be signed can not be altered by anyone except the signature owner and can be seen by the signature owner before the generation of signature

Article 6 (Law no. 5070)


Secure Electronic SignatureCreation Devices

According to technical and legal requirements, secure electronic signature creation devices are selected as smart cards and tokens that possess specific security standards (EAL4+).


Administrative Security

Which key pair belongs to whomKey pair generationTrue identification

Declaration of someone’s possession of the public key (signature verification data) by a trusted third party

Electronic certificate Electronic Certificate Service Provider –

ECSP (Certification Authority – CA)


Repository of an ECSPEnd user certificates issued by the ECSPCertificate Revocation Lists (CRL)Root certificates of the ECSPCertificate Policy (CP)Certification Practice Statement (CPS)Time Stamping PoliciesTime Stamping Practice Statement Agreements (subscriber, relying party, etc.)


PKI ComponentsPKI components are the elements that comprise a public key infrastructure, including entities (such as CAs and RAs) and individuals (such as subscribers and relying parties) participating within the system, technologies (such as algorithms and key generation software), processes (such as key management procedures and directives), records (such as digital certificates, operational logs), and policy instruments (such as CPs, CPSs and agreements).


• Laws• Ordinances• Communiques• Decrees

• Subscribers• Relying Parties

COURTS REGULATORY BODY

PEOPLE / ORGANIZATIONS

LEGISLATION

CERTIFICATION SERVICE PROVIDERS

S o f t w a r e a n d H a r d w a r e P r o d u c t s

TECHNOLOGY

AGREEMENT

ASDLFKJSDLKFSDFKJSDLKJFSLDKJFSDKFJSLDFSDLFSKDFHSKDFHSDKFHSKDJFHSDK IUTYITYTIYIYIYIYIYTIYITYITYRITYIUTYIETYEIRTYT

POLICY DOCUMENTS AND AGREEMENTS

• CP and CPS• Subscriber Agreements

Certificate Revocation Lists

PROCESSES

• Key Management• Certificate Issuance• Certificate Revocation• Other Records

Name

Title

CERTIFICATE

MECHANISMS

• Digitial Signature• Encryption• Messaging

CRYPTOGRAPHIC ALGORITHMS• Single Key Methods• Public Key Methods• Hashing Methods

3$½{2STANDARDS

• ISO• ITU• ANSI• RSA Labs• NIST• ETSI

PKI COMPONENTS


PKI Business ModelsOrganizational (Closed) PKI Models

The ECSP itself is the relying partyThe relying party can outsource the PKI services to third parties for issuing certificates for the subscribers on its behalfProvides offering PKI services and certificates to the personnel, clients, suppliers, etc. of organizations. The PKI service provider forms a legal bond via a contract with the users and the relying parties of the system.


PKI Business ModelsPublic (Open) PKI Models

More than one ECSPOpen to public usage for general purposesECSPs stand as a trusted third party against the subscribers (certificate users) and relying partiesLegislation guarantees the service quality of the ECSPs and protects the subscribers and relying parties


Trust Models and PKI Architectures

HierarchyA central Certification Authority recognises each CARelying parties just trust the central CA

MeshCAs directly recognise each otherEach relying party just trusts its own CA that in turn trusts the remote CA

Web / trust model A repository of trusted Certification AuthoritiesEach relying party trusts all distributed certificates of the list

Bridge infrastructureA central technical infrastructure cross-recognises each concerned CAEach relying party just trusts its own CA that trusts the bridge that in turn trusts the remote CA


Hierarchical PKI Architecture

Central CA

Issuing CAs

End entity certificates

CA-1 CA-2 CA-3


Mesh PKI Architecture

CA-1

CA-2

CA-3

CA-3


Web / Trust PKI Architecture

CA-1 CA-2 CA-3

List of Trusted CAs


Bridge PKI Architecture

CA-1 CA-2 CA-3

CA-a

CA-b

CA-c

Hierarchical PKI Architecture

Mesh PKI Architecture

Bridge


Certificate Life CycleCertificate application and registration

Certificate issuance, delivery and dissemination

Certificate renewal and rekey

Certificate revocation and suspension

Certificate status services


Certificate Application and Registration Process

Registration Authority (RA)

ECSPCertificate content information

•Certificate application form •Subscriber agreement•Legal documents•First controls

Application documents


Critical Issues about Application and Registration

People who wish to obtain qualified electronic certificates or other personal certificates can apply personallyCompanies that wish to obtain certificates on behalf of their employees can file applications provided that personal application documents existServer administrators or authorized representatives may apply for server certificatesPersonal or organizational identity validation should be done appropriately by the ECSPApplication documents should be collected by the ECSP and the applicant should be registered accordingly


Certificate Issuance, Delivery and Dissemination Process

DirectoryServer (LDAP)

ECSP Policies/Certificate Profiles•Distinguished name (DN) content•Validity period•Key length•Usage constraints


Critical Issues about Generation and Dissemination

Certificate generation is done under appropriate security proceduresSuitable certificate profiles are used according to the applicant’s certificate requestSmart cards or tokens that contain the generated certificates and the signature creation data are prepared for delivery under strict security conditionsSmart cards, tokens and the access codes are sent to the subscriber separately and delivered by identity validationCertificates are published for public access if the subscriber has given written consent


Certificate Renewal and Rekey Processes

Registration Authority (RA)ECSP

Controls

Renewal request

ControlsUser authentication and renewal application(digitally signed)

Renewal or Rekey

Operations

Renewal request


Critical Issues about Renewal and Rekey

Certificates can be renewed before the end of their expiry dateCertificates are not renewed beyond 3 (three) years with the same key pairProper identity checks are done during renewal and rekeyIf certificate content changes, the certificate can not be renewed but it can only be rekeyed with new personal information


Certificate Revocation and Suspension Processes

ECSP

User authenticationCertificate information (content, serial no)Revocation/Suspension reasonRevocation/Suspension date and time

CRL

DirectoryServer

OCSPResponder


Critical Issues about Suspension and Revocation

Circumstances for revocation:Upon request by the subscriberInformation within the certificate is false or incorrect,A change occurs in the information regarding the subject included in a certificate’s contentIt is learned that the subject’s legal capacity is restricted, or the subject is bankrupt or lost in danger of death, or died,The private key has been lost, stolen, disclosed or a risk of access or use by a third party arises,The secure electronic signature creation device in which the private key is located has been lost, broken down or compromised,It is understood that the certificate has been used in contradiction to the provisions of the CP and CPS documents and the Subscriber’s Agreement,ECSP suspends provision of certification services.



Circumstances for suspension:

Where the source of a certificate revocation request could not be verified, ECSP shall suspend, rather than revoke, the certificate in question until the verification is finalized, or upon a request where the end user is unsure whether any circumstance that requires revocation does exist.



Who can request revocation or suspension?

The subject himself, for personal certificates,The server administrator, for server certificates,An authorized person of a company or an institution to which the subject or server is associated, for certificates in organizational use,ECSP’s authorized personnel for end user certificates and root and subroot certificates where security concerns with respect to the ECSP necessitate.



The certificate owner (subscriber):during the course of certificate registration process or until the end of the certificate life time, shall notify the ECSP as soon as possible to ensure that the certificate is revoked for the changes of any kind in his/her personal information that is contained in the certificate itselfin cases where there is a risk of usage by other person or persons of the signature creation device or the data required for accessing the device or even the conditions which may bring about such a risk emerge, shall immediately notify the ECSP in order the certificate to be revoked

(from the “TURKTRUST Letter Of Commitment by the Qualified Certificate Owner – Subscriber Agreement”)



The ECSP should immediately resolve all certificate revocation requests transmitted over the web, by telephone or on paper, following the approval of the request and authentication of the request.

Relying parties are under obligation to verify the related certificate to rely on an electronic signature transmitted. To verify a certificate’s status, updated CRLs published by the ECSP or the on-line certificate status inquiry service OCSP should be used. It is recommended that relying parties should use secure signature verification devices when verifying electronic signatures

The duration of suspension may not exceed a certain period. Those still in suspension at the end of this period shall be automatically revoked for security reasons


Certificate Status Services

Certificate controls during e-signature verification

Certificate validity periodSignature of the issuing ECSPStatus of the certificate (whether revoked or not)Usage constraints

CRL

DirectoryServer

OCSPResponder

Relying partySubscriber

(Certificate user) ECSP


Critical Issues about Certificate Status Services

ECSPs should issue a new CRL periodically even if there is no change in the status of current certificates. Generally, the CRLs are published daily.

ECSPs have to provide uninterrupted on-line certificate status protocol OCSP support. By the real time certificate status inquiry that is more reliable than CRLs, customers may inquire the status of certificates online and get immediate status response by using appropriate software on the customer side.

It is recommended that relying parties when inquiring the status of certificates should prefer OCSP if their technical capabilities allow and opt for CRL as a second alternative.


Directory ServicesA directory service is a software application that makes resources on a network accessible to users and other applicationsAlmost all directory services are based on the X.500 ITU standardUsually more than one namespace (trees of objects) are used to form the directory serviceA directory service is highly optimized for reads and provides advanced search possibilities on many different attributes that can be associated with objects in a directory


Directory Service Application Protocol

Common directory services used by ECSPs enablingeffective certificate search utilize

Lightweight Directory Access Protocol (LDAP) Based on X.500 standardSupports TCP/IPAn open protocolIETF RFC 4510 specifies LDAPv3The Lightweight Directory Access Protocol (LDAP) is an Internet protocol for accessing distributed directory services that act in accordance with X.500 data and service models


BibliographyCWA 14167-1 – Security Requirements for Trustworthy Systems Managing Certificates for Electronic Signatures - Part 1: System Security Requirements (June 2003)CWA 14169 – Secure Signature-Creation Devices "EAL 4+“ (March 2002)Digitial Signature Law Survey (https://dsls.rechten.uvt.nl)ETSI TS 101 456 – Policy requirements for certification authorities issuing qualified certificates (April 2002)ETSI TS 101 733 – Electronic Signatures and Infrastructures (ESI); Electronic Signature Formats (December 2003)ETSI TS 101 862 – Qualified Certificate Profile (January 2006)EU Directive 1999/93/EC on a Community framework for electronic signatures (December 1999)FIPS PUB 140-2 – Security Requirements for Cryptographic Modules (March 2002) (Supercedes FIPS PUB 140-1, January 1994)IETF RFC 2634 – Enhanced Security Services for S/MIME (June 1999)IETF RFC 3161 – Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) (August 2001)IETF RFC 3280 – Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile (April 2002)IETF RFC 3369 – Cryptographic Message Syntax (CMS) (August 2002)IETF RFC 3647 – Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework (November 2003)IETF RFC 3739 – Internet X.509 Public Key Infrastructure Qualified Certificates Profile (March 2004)IETF RFC 4510 – Lightweight Directory Access Protocol (LDAP): Technical Specification Road Map (June 2006)


BibliographyISO 15408 Part 1 – Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model (October 2005)ISO 15408 Part 2 – Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional requirements (October 2005)ISO 15408 Part 3 – Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance requirements (October 2005)ISO/IEC 27001:2005 – Information technology – Security techniques – Information security management systems – Requirements (former BS 7799-2:2002 – Information security management systems — Specification with guidance for use)ISO/IEC 27002:2005 – Information technology – Security techniques – Code of practice for information security management (former ISO/IEC 17799:2005 – Information technology — Security techniques — Code of practice for information security management)ISO/IEC 17025, EN 45001 – General requirements for the competence of testing and calibration laboratoriesISO/IEC Guide 62, EN 45012 – General requirements for bodies operating assessment and certification/registration of quality systemsISO/IEC Guide 65, EN 45011 – General requirements for bodies operating product certification systems


BibliographyITU-T Recommendation X.500 – Information technology - Open Systems Interconnection - The Directory: Overview of concepts, models and servicesITU-T Recommendation X.509 – Information technology - Open systems interconnection - The directory: Authentication frameworkEuropean Electronic Signature Standardisation Initiative (EESSI) – Final Report of the EESSI Expert Team (July 1999)PKI Assessement Guidelines – American Bar Association – Guidelines to Help Assess and Facilitate Interoperable Trustworthy Public Key Infrastructures (June 2001)TURKEY - Electronic Signature Law no. 5070 (January 2004)TURKEY - Ordinance on the Procedures and Principles Pertaining to the Implementation of Electronic Signature Law (January 2005)TURKEY - Communiqué on Processes and Technical Criteria Regarding Electronic Signatures (January 2005)TÜRKTRUST Certificate Policies (CP) Version 01 (May 2005)TÜRKTRUST Certification Practice Statement (CPS) Version 01 (May 2005)

59

PKI SYSTEMS

Concepts, Processes, Components

TÜRKTRUST Information Security Services Inc.

Mert ÖZARARProject Senior Engineer

[email protected]

1 pki systems concepts, processes, components tÜrktrust information security services inc. mert...

Documents

electronic certificates

electronic data

electronic form

ec electronic signature

definition slide

certification authorities

revocation processes

definition of etsi ts