PKI: A Technology Whose Time Has Come in Higher Education EDUCAUSE Southwest Regional Conference February 26, 2004 Our Systems Are Under Constant Attack • • • • • • Trojan horses Worms Viruses Spam Hackers Disgruntled insiders • Script kiddies 2 Some of These Attacks Succeed Spectacularly • Loss of personal data • Outages • Potentially huge costs: – Productivity loss (user and IT staff) – Remediation – User notification – Bad publicity, loss of credibility – Lawsuits? For real-life examples involving thousands of users see the excellent EDUCAUSE session entitled “Damage Control: When Your Security Incident Hits the 6 O’Clock News” www.educause.edu/ir/library/ra/EDU0307.ram 3 IT Security Risks Escalate • More and more important information and transactions are online: – – – – – – • Personal identity information Financial transactions Course enrollment, grades Tests Licensed materials Confidential research data We must comply with increasingly strict regulations: – – Health information - HIPAA: http://www.hhs.gov/ocr/hipaa/ Educational records - FERPA: http://www.ed.gov/policy/gen/guid/fpco/ferpa/index.html 4 Specific Example: Email • Spoofing email is trivial (simple setting in most email clients) – Spoofed message from professor postponing a final – Inappropriate message seemingly from College President to female student • Email is like a postcard written in pencil – Others on network can see (or even modify) contents if not encrypted (really easy on wireless!) – You may use SSL, but what about other hops between mail servers? • Viruses or worms can forward random messages from email archives to random recipients in address book – HR employee forwarding salary data to random employees 5 Specific Example: Student Information System • Provides online enrollment, schedule, grades • FERPA protected information • Available to hackers Q: What if someone hacks your authentication system and downloads grades from thousands of students? A: You are probably obligated by law to notify every individual whose grades may have been exposed! 6 Problems With Centralized Passwords Managing the Multitude: User Perspective • Users HATE username/passwords • Too many for them to manage: – Re-use same password – Use weak (easy to remember) passwords – Rely on “remember my password” crutches • Forgotten password help desk calls cost $25 - $200 each (IDC) and are far too common • As we put more services online, it just gets worse… 8 Managing the Multitude: Admin Perspective • Many different username/password schemes to learn, set up, and administer: – Backups, password resets, revoking access, initial password values, etc. • Multiple administrators have access to usernames/passwords – many points of failure 9 Ending the Madness • Traditional approaches – Single password – Single sign-on, fewer sign-ons • PKI – Local password management by end user – Two factor authentication 10 Single Password • Users like it, but… • Requires synchronizing passwords (inherently problematic) – actually makes admin madness worse! • Single username/password becomes single point of failure… Hack weakest application and get passwords to all applications! • Costly to maintain and difficult to make work well. • Passwords databases exposed on network and to administrators, as vulnerable as your weakest application. 11 Single Sign-on, Fewer Sign-ons • More secure & provides some relief for users, but… • Requires infrastructure (e.g. WebISO or Kerberos sidecar). • Fewer sign-ons still has synchronization problems. • Single sign-on solutions are typically for web applications only. • Kerberos sidecar has problems with address translation and firewalls and is not widely supported. • Password database still exposed on network and to administrators. 12 Password Sharing • Corrupts value of username/password for authentication and authorization. • Users do share passwords: PKI Lab survey of 171 undergraduates revealed that 75% of them shared their password and fewer than half of those changed it after sharing. • We need two factor authentication to address password sharing. 13 PKI’s Answer to Password Woes • Users manage their own (single or few) passwords. • Cost-effective two factor authentication. • Widely supported alternative for authentication to all sorts of applications (both web-based and otherwise). 14 PKI Passwords Are Local to Client • PKI eliminates user passwords on network servers. • Password to PKI credentials are local in the application key store or in hardware token. • User manages the password and only has one per set of credentials (likely only one or two). • Still need process for forgotten password, but it is only one for all applications using PKI authentication, and users are much less likely to forgot it since they use it frequently and control it themselves. 15 Underlying Key Technology • Asymmetric encryption: a pair of asymmetric keys is used, one to encrypt, the other to decrypt. • Each key can only decrypt data encrypted with the other. • One key is private and carefully protected by its holder. The other is public and freely distributed. • Authentication challenges the supplicant to encrypt something with the private key. If it decrypts properly with public key, then they have proven who they are. • Private key and password always stay in the user’s possession. Encrypt (anyone with public key) Plain Text Encrypted Text Decrypt (possessor of private key only) 16 PKI Enables Single Password and Single Sign-on • User maintains one password on their credentials. • PKI credentials authenticate user to the various services they use via PKI standards. • No need for password synchronization. • No additional infrastructure other than standard PKI and simple, standard hooks for PKI authentication in applications. • Typically less effort to enable PKI authentication than other SSO methods. 17 PKI Provides Two Factor Authentication • Requires something the user has (credentials stored in the application or a smartcard or token) in addition to something a user knows (local password for the credentials). • Significant security improvement, especially with smartcard or token (a post-it next to the screen is no longer a major security hole). • Reduces risk of password sharing. 18 But Wait There’s More… Other Benefits of PKI Digital Signatures • Our computerized world still relies heavily on handwritten signatures. • PKI allows digital signatures, recognized by Federal Government as legal signatures: – Reduce paperwork with electronic forms. – Much faster and more traceable business processes. – Improved assurance of electronic transactions (e.g. really know who that email was from). Federal digital signature information: http://museum.nist.gov/exhibits/timeline/item.cfm?itemId=78 20 Digital Signatures • Signer computes content digest, encrypts with their private key. • Reader decrypts with signer’s public key. • Reader re-computes the content digest and verifies match with original – guarantees no one has modified signed data. • Only signer has private key, so no one else can spoof their digital signature. Compute digest, sign & date, encrypt (possessor of private key only) Plain Text Encrypted Text Verify signature, check digest (anyone with public key) 21 Encryption • Strong encryption with extensible number of bits in key. • Can use same PKI digital credentials as authentication and digital signatures. • More leverage of the PK Infrastructure. • Easy to encrypt data for any individual without prior exchange of information – simply look up their certificate which contains their public key. 22 Encryption • • • • Asymmetric encryption prevents need for shared secrets. Anyone encrypts with public key of recipient. Only the recipient can decrypt with their private key. Private key is secret and protected, so “bad guys” can’t read encrypted data. Encrypt (anyone with public key) Plain Text Encrypted Text Decrypt (possessor of private key only) 23 Benefit: User Convenience • Fewer passwords! • Consistent mechanism for authentication that they only have to learn once. (UT Houston Medical Center users now request that all network services use PKI authentication.) • Same user credentials for authentication, digital signatures, and encryption – lots of payback for user’s effort to acquire and manage the credentials. 24 Benefit: Coherent Enterprise-Wide Security Administration • Centralized issuance and revocation of user credentials (goes hand in hand with identity management). • Consistent identity checking when issuing certificates. • Same authentication mechanism for all network services. • Leverage investment in tokens or smart cards across many applications. 25 Interoperability With Other Institutions • Inter-institution trust allows identity verification and encryption using credentials issued by a trusted collaborating institution: – Signed forms and documents for business process (e.g. grant applications, financial aid forms, government reports) – Signed and encrypted email from a colleague at another school – Authentication to applications shared among consortiums of schools – Peer to peer authentication for secure information sharing 26 Standards Based Solution • Standards provide interoperability among multiple vendors and open source. • Wide variety of implementations available and broad coverage of application space. • Level playing field for open source and new vendors – promotes innovation and healthy competition. 27 Unequaled Client and Server Support • • • • • Windows, Macintosh, Linux, Solaris, UNIX Software and hardware key storage Commercial and open source Development libraries, toolkits and applications Certificate Authority, directory, escrow, revocation, and other infrastructure tools • Apache, Oracle, IIS, SSL, Web Services, Shibboleth, etc. • Applications from: Microsoft, Sun, Cisco, IBM, BEA, RSA, Verisign, DST, Entrust, AOL, Adobe, Infomosaic, Aladdin, Schlumberger, and many others • For more about applications of PKI: www.dartmouth.edu/~deploypki/applications.html 28 Momentum Outside Higher Education • Industry support for PKI • Federal and State governments major adopters • Microsoft, Johnson and Johnson, Disney, heavy industry adopters • Major deployment in Europe • China pushing WAPI wireless authentication that requires PKI • Web Services (SAML uses PKI signed assertions) 29 Likely Federal Opportunities • FBCA, HEBCA bridge projects • Proof of concept NIH EDUCAUSE project to demonstrate digitally signing documents for submission to the Federal government • Possible DOE, NSF, NIH applications for Higher Education? 30 Dartmouth PKI Lab • R&D to make PKI a practical component of campus networks • Multi-campus collaboration sponsored by the Mellon Foundation • Dual objectives: – Deploy existing PKI technology to improve network applications (both at Dartmouth and elsewhere). – Improve the current state of the art. • Identify security issues in current products. • Develop solutions to the problems. 31 Production PKI Applications at Dartmouth • Dartmouth certificate authority – Over 700 end user certificates issued, 483 of them for students • Authentication for: – Banner Student Information System – Library Electronic Journals – Tuck School of Business Portal – VPN Concentrator • S/MIME email (Outlook, Mozilla, Thunderbird) 32 Second Wave of PKI Deployment at Dartmouth Actively developing: • Authentication for: – Blackboard Course Management System – Software downloads • Hardware tokens – Required for VPN access to secured subnets • Higher assurance certificates (picture ID check) • We plan to reach all Dartmouth users with PKI through continued deployment of applications and increasing incentives and requirement for its use 33 Investigation and Research • Greenpass: pilot of delegation of PKI authentication credentials for wireless 802.1x guest access – Supported by Cisco • Wireless authentication – 802.1x authentication EAP-TLS (PKI) on Windows and Macintosh – WEP or improved WPA encryption – These work well but requires up to date drivers (and sometimes recent hardware/firmware for WPA) 34 “Open Source CA in a Box” • A hardened open source CA (based on OpenCA) bundle suitable for trial and (initially) simple deployment. • “Enforcer” TPM-hardened Linux (product of PKI Lab research) – Controversial TCPA technology turned to use for good and freedom – Secures Linux boot process and provides much enhanced run-time protection against hackers – Useful for any Linux server application – slashdot.org/article.pl?sid=03/09/10/0255245 • Packaging for easy installation • Carefully chosen enhancements to OpenCA – Documentation – Enhanced private key protection – Added features • We welcome feedback on requirements, contributions, testing, etc! 35 Deploying PKI • PKI is a significant undertaking and requires planning and commitment. • Get buy in and support from management, legal, audit, others – a little fear in today’s cyber world is healthy. • Architect carefully, follow examples of others. • Choose your initial applications carefully. • Deploy in phases, plan for future extensibility. • Remember, PKI ROI is excellent when leveraged broadly, but probably not strong for individual applications - take a long term view. • More detailed project plan and how to information for deploying PKI: www.dartmouth.edu/~deploypki/deploying/ 36 Outreach • Many presentations – www.dartmouth.edu/~deploypki/events.html • Planning a PKI Deployment Summit • Working with schools deploying PKI – PKI’s inexpensive 2-factor authentication proving an attractive proposition • Deployment partners: – – – – University of Wisconsin University of Minnesota University of Texas Others getting started (USC, Yale, Brown) • March/April EDUCAUSE Review “New Horizons” article 37 Blatant Advertisement • Please check out our outreach web at: www.dartmouth.edu/~deploypki (still growing, but already has a lot of useful information) • We seek a few schools that we can assist as you deploy PKI credentials and applications for end users! An explicit part of our mission is to directly assist as you in the planning/justification, implementation, and deployment phases. Mark Franklin and others from the PKI Lab can work directly and extensively with your team. 38 For More Information • Outreach web: www.dartmouth.edu/~deploypki • Dartmouth PKI Lab PKI Lab information: www.dartmouth.edu/~pkilab Dartmouth user information, getting a certificate: www.dartmouth.edu/~pki Mark.J.Franklin@dartmouth.edu I’ll happily send copies of these slides upon request. 39