Public Key Infrastructure

What is public key cryptography?
Cryptography is the process of converting plain (readable) text into ciphertext, which is not readable. It does this by using mathematical algorithms to convert the plain text into ciphertext.
Within cryptography there are many cryptographic applications. These include the following:
- Data encryption for confidentiality
- Digital signatures / verifying data integrity
- Certificates for authenticating people, applications and services and for access control (authorisation)
(What is public key cryptography - RSA Data Security, 1999)
Shared secret and public key cryptography
Within shared secret cryptography there is a sender and a receiver, who use the same key for encryption and decryption. With this method, network-based key distribution would not be a secure option because anyone could gain access to the key.
Another method is public key cryptography. This is quite different from shared key cryptography as it uses a pair of keys, one being the public key and one being the private key. The public key can be distributed across a network, enabling anyone to view it, hence the name. However, the private key must be kept secret and known only by the one person, application or service that owns the keys. When using public key cryptography, key distribution is greatly simplified because the public key can be transmitted over insecure networks.
“The sender’s key may be used to produce a digital signature, an encrypted block of data which
when decrypted by the recipient, verifies the sender’s identity as well as the integrity of the
data. Public key cryptography can also be used for secure distribution of shared secret keys
across insecure networks” (Shared secret and public key cryptography- RSA Data Security,
1999)
PKI Components and Functions
Search Security defines PKI (Public key infrastructure) as: “A PKI enables users of basically
insecure public networks such as the internet to securely and privately exchange data and
money through the use of public and a private cryptographic key pair that is obtained and
shared through a trusted authority.”
Within PKI there are three main and widely used components; these include:
- The Certificate Authority
- The repository for keys, certificates and Certificate Revocation Lists
- Management console
(PKI Components - RSA Data Security, 1999)
The Certificate Authority (CA) issues certificates. A trusted party, for example VeriSign or GTE, can provide the CA function.
Another component of PKI is the repository for keys, certificates and certificate revocation lists. This is generally based on a Lightweight Directory Access Protocol (LDAP) enabled directory service.
Another main function is management, which is implemented by a management console.
As well as this management console there may be a separate registration authority (RA) associated with these functions. The registration authority is dedicated to registering users and accepting certificate requests from them. The first stage of the process is to collect user information and verify the user’s identity. This can then be used to register a particular user according to a policy. This process is separate from signing and issuing certificates.
Figure 1 (below) shows the main server components of Public Key Infrastructure. These are the
Certificate server, the repository, the key recovery server and a management console.
[Figure 1 labels: PKI Servers and Management Console; PKI-enabled applications: Secure E-mail Clients, VPN Router, Remote Access Client, Web Server]
(Figure 1 - PKI Server components - RSA Data Security, 1999)
The RA function can be managed by the human resources department, whilst at the same time the Information Technology department of a company can manage the Certificate Authority. Having a different department manage the Registration Authority makes it harder for any one department to undermine the organisation's security system. The organisation itself can decide whether to run a separate RA function or include it within the CA function. An advantage of both the CA and RA functions is that they can be implemented in both hardware and software. For example, the CA and RA functions can be implemented on different servers, with software to manage them. When the RA and CA functions are run together on one system, it is called a Certificate and Registration server.
Table one (below) shows the main Public Key Infrastructure functions which are used in modern day organisations.
| Function | Description | Implementation |
|---|---|---|
| Registering users | Collect user information and verify identity | Function of the CA |
| Issuing certificates | Create certificates in response to a user or administrator request | Function of the CA |
| Revoking certificates | Create and publish Certificate Revocation Lists | Administrative software associated with the CA |
| Storing and retrieving certificates and Certificate Revocation Lists | Make certificates and CRLs conveniently available to authorised users | The repository for certificates and CRLs is usually a secure, replicated directory service accessible via LDAP |
| Policy-based certificate path validation | Impose policy-based constraints on the certificate chain, and validate if all constraints are met | Function of the CA |
| Time-stamping | Put a time-stamp on each certificate | Function of the CA or a dedicated Time Server (TS) |
| Key lifecycle management | Update, archive and restore keys | Automated in software or performed manually |
(Table 1 - Main Public Key Infrastructure functions - RSA Data Security, 1999)
PKI FUNCTIONS
The main PKI functions are as follows:
- Issuing certificates
- Revoking certificates
- Creating and publishing CRLs
- Retrieving certificates and CRLs
- Key lifecycle management
- Time-stamping
- Policy-based certificate validation
Issuing Certificates:
Modern organisations need to accept and reject the certificates from the certificate authority. This can be accomplished through hierarchical path processing or direct cross-certification.
Certification Path Processing:
The best-known hierarchical certification path processing architectures are those maintained by PKI service organisations such as VeriSign. Typically in such a hierarchy:
1. There is a single root at the top.
2. The root certifies public primary certification authorities (PCAs), which issue, suspend, and revoke certificates for all CAs within the hierarchy.
3. Public primary certification authorities certify CAs. PCAs might also cross-certify with PCA-like entities in other vendors' PKIs.
4. At the bottom of the hierarchy there can be Local Registration Authorities that evaluate certificate applications on behalf of the root, PCA or CA that issues the certificate.
If the user does not already trust the CA that signed a certificate, the user searches up through this hierarchy for a trusted CA that has certified the public key of that CA. (RSA Data Security, 1999)
Cross Certification:
One CA can issue another CA a certificate that allows the other CA to issue certificates which will be recognised by the first CA. Cross-certification works directly without a third party.
(RSA Data Security, 1999)
Hierarchical and Cross-Certification can be combined:
Both hierarchical and cross-certification can be implemented together within a single security domain. They can be used for different purposes and at different times. For example, a hierarchical system based on a trusted party may be necessary when expanding a PKI, while the bulk of the implementation is accomplished via cross-certification.
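The upward search through a hierarchy combined with cross-certification, as an added Python example that is not from the original essay or from RSA Data Security: it discovers a path from a user certificate to a trusted CA, skips certificates listed on a CRL and enforces a maximum chain length as a policy constraint. All CA names and certificates are constructed, and signature verification of each certificate is assumed to have been done already.

```python
from collections import deque

# Constructed sample data: each tuple is (issuer, subject) for one certificate.
# All names are hypothetical.
CERTS = [
    ("Root-A", "PCA-A"),         # root certifies a primary CA
    ("PCA-A", "CA-Sales"),       # PCA certifies an issuing CA
    ("CA-Sales", "alice"),       # end-entity certificate
    ("Root-B", "CA-Partner"),    # a second, separate hierarchy
    ("CA-Partner", "bob"),
    ("CA-Sales", "CA-Partner"),  # cross-certificate issued by CA-Sales
]

def build_path(subject, trusted, certs=CERTS, revoked=frozenset(), max_len=5):
    """Search upward from `subject` for a chain that ends at a trusted CA.

    Returns the certificates ordered from the trusted CA down to the
    subject, or None when no acceptable path exists. `revoked` models a
    CRL and `max_len` a policy limit on chain length. Signature checks
    are assumed to have been performed on every certificate beforehand.
    """
    issued_to = {}
    for cert in certs:
        if cert not in revoked:           # certificates on the CRL are unusable
            issued_to.setdefault(cert[1], []).append(cert)
    queue = deque([(subject, [])])
    seen = {subject}                      # guards against cross-certification loops
    while queue:
        name, chain = queue.popleft()
        for cert in issued_to.get(name, []):
            issuer = cert[0]
            new_chain = [cert] + chain
            if len(new_chain) > max_len:  # policy constraint violated
                continue
            if issuer in trusted:
                return new_chain
            if issuer not in seen:
                seen.add(issuer)
                queue.append((issuer, new_chain))
    return None

if __name__ == "__main__":
    for cert in build_path("bob", {"Root-A"}) or []:
        print("%s certifies %s" % cert)
```

A relying party that trusts only Root-A reaches bob through the cross-certificate; revoking that cross-certificate or tightening `max_len` removes the path.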
Time-Stamping:
An important addition to the content and authenticity of a transaction is knowing the exact time at which it was transacted. For example, the transaction in question might have to be submitted by a certain time in order to be valid. To address this, digital signatures can be used with time-stamps.
Key Lifecycle Management:
PKI performs many different functions, for example issuing a certificate and listing certificates on a CRL. Key lifecycle management tasks, such as updating, backing up and archiving keys, are performed as a matter of routine.
Each individual user usually has keys that require lifecycle management. For example, users may have at least one key pair for each secure application, e.g. e-mail, desktop file encryption and VPN. Many applications nowadays use pairs of keys for different purposes such as digital signatures, bulk encryption and authentication.
Updating Keys:
To reduce the exposure of keys that have been compromised, new keys are introduced regularly.
Backing up keys:
Users can forget the passwords that protect their private keys. Companies should be able to restore the keys to the users.
Automated key lifecycle management: A critical PKI function:
Managing keys manually can limit the effectiveness of the PKI. A large PKI has automated key management attached to it, which is therefore critical.
How applications work with PKI:
Digital certificates are managed by the PKI and are used to carry out cryptography within applications. These applications include e-mail and messaging, web browsers and web servers, and electronic data exchange, as well as applications that establish secure network transactions and communication sessions over the web and VPNs. The web and VPNs use protocols such as S/MIME, SSL and IPSEC. The following sections describe some of these applications in more detail.
E-mail and messaging:
One application that uses key pairs for encryption of messages and files is secure e-mail. Examples of this include Microsoft Exchange and IBM’s Notes mail. Programs like these are allowing more and more users to encrypt their sensitive information.
Web Access:
Browsers and web servers use encryption for authentication and confidentiality. Applications like online banking and shopping rely on both. Servers can authenticate to clients by using Secure Sockets Layer (SSL). SSL can also encrypt web traffic.
Digitally Signed Code and Files:
Growing reliance on downloading programs and files gives rise to many security concerns, mainly viruses and how to deal with them. Microsoft’s Authenticode uses RSA digital signatures to verify where a download has come from and also its integrity. A PKI is implemented to scale this approach to huge numbers of people using these services.
PKI Standards:
Standards within the PKI area fall into two groups: those that specifically define the PKI, and user-level standards that rely on the PKI but don’t define it.
Figure 2 (below) shows the relationship between applications and PKI infrastructure and their standards.
[Figure 2 labels: Digitally Signed Code and Files, E-mail, Online Banking, Groupware, Online Shopping, VPN, EDI; SSL, TLS, IPSEC, PPTP, S/MIME; X.509, PKIX, PKCS]
(Figure 2 - Relationship between applications and PKI - RSA Data Security, 1999)
The PKI standards permit the use of multiple PKIs and allow multiple applications to interface with a single consolidated PKI.
Standards are necessary for the following:
- Enrolment procedures
- Certificate formats
- CRL formats
- Formats for certificate enrolment messages (client requests certificate, server issues certificate)
- Digital signature formats
- Challenge/response protocols
PKI standards are based around a working group of the Internet Engineering Task Force. The group is known as the PKIX group (“PKI for X.509 certificates”).
The four central components in the PKIX model are: the user (or “end entity”), CA, RA and repository. (PKI standards - RSA Data Security, 1999)
Table 2 shows the main components of the PKIX model.
| Component | Part of PKI? | Description |
|---|---|---|
| User | No | User of PKI certificates and/or end user system that is the subject of a certificate |
| Certification Authority | Yes | Issues, stores and revokes certificates |
| Registration Authority | Yes | An optional system to which the CA delegates certain management functions such as registering users |
| Repository | Yes | A system or collection of distributed systems that store and allow end entities to access certificates and CRLs |
(Table 2 - The main components of the PKIX model - RSA Data Security, 1999)
PKIX Component Standards
Two other specifications are X.509 from the International Telecommunication Union (ITU) and the Public Key Cryptography Standards (PKCS) from RSA Data Security. The purpose was to authenticate services for X.500 directory services.
X.509:
One of the most widely used and supported PKI standards is the ITU’s X.509. Its main purpose is to define a standard digital certificate format.
Standards that rely on PKI
Nowadays many standards work with a PKI. These include the following:
- Secure Sockets Layer (SSL)
- Transport Layer Security (TLS)
- Secure Multipurpose Internet Mail Extensions (S/MIME)
- Secure Electronic Transactions (SET)
- IP Security (IPSEC)
All of the above allow the use of PKI within their systems.
S/MIME:
S/MIME is the standard for secure messaging. Within S/MIME, PKI is used for digital signing and to support the encryption of messages and attachments. This is done without a shared secret.
Many people nowadays consider e-mail to be the most popular Internet application. In light of this, S/MIME is the top contender when implementing and extending PKI standards. The S/MIME committee has taken advantage of some of the PKIX standards and added new ones where it felt necessary.
Some of the main standards created by the S/MIME committee are Cryptographic Message Syntax, Message Specification, Certificate Handling and, finally, Certificate Request Syntax.
SSL and TLS:
Two of the most important IETF standards for providing secure access to web servers are SSL and TLS, TLS being based on SSL. As well as the need to secure web servers, there is also the need to secure non-web-based applications. Both rely heavily on PKI for certificate issuance for clients and servers.
Secure Electronic Transaction:
SET uses keys for authentication, confidentiality and data integrity to secure electronic bank card payments; PKI is therefore essential for authentication between the bank card user and the bank.
Deploying a PKI
The following questions are considered when deploying/implementing a PKI:
- What is the organisation’s PKI strategy?
- Are applications PKI ready?
Consolidating PKI functions for multiple applications:
Many organisations nowadays are consolidating their PKI infrastructure if they have applications which are PKI enabled. This boosts management efficiency within a company and also saves money. Organisations can, if they wish, decide to implement their PKI first and then the applications at a later stage. The downside of this approach is that it would be very complex and there might have to be extra planning involved when dealing with application drawbacks.
Are Applications PKI ready?
Organisations have two options to become PKI ready:
1. Encourage software vendors to enable their applications. For user organisations, this is easy and requires no up-front investment. It typically also yields PKI capabilities that are smoothly integrated with applications. However, the timescale for delivery of PKI features is out of the user organisation’s control, and PKI features may not ideally fit the user organisation’s requirements.
2. Use of in-house programming staff or contract programming to PKI-enable applications. This should yield results that precisely suit the organisation’s needs. It also allows very smooth integration of PKI functions with in-house applications. In the case of commercial off-the-shelf (COTS) software, the organisation is dependent on APIs exposed by the developer. These may vary in their suitability to PKI integrations, and to the user organisation’s particular needs. Organisations planning to customise applications may wish to evaluate RSA’s enabling tools and PKI servers, which may reduce the time and cost of the project. (Are Applications PKI ready? - RSA Data Security, 1999)