PKI and Biometrics - International Biometric Foundation

advertisement
What is PKI?
PKI stands for Public Key Infrastructure and refers to the infrastructure and procedures required to
facilitate the management, distribution, storage and revocation of certificates based upon public key
cryptography. This in turn seeks to provide secure data exchange over third party networks such as the
Internet.
A PKI effectively provides a tool set with which organisations or private individuals can implement a level
of data transmission security appropriate to their needs. In some cases this may be signing a message or
document with a digital signature in order to verify it's source, whilst in other cases it may mean total
encryption of the message as well as digital signing. In addition to the desired privacy of information, a
PKI seeks to provide:
Integrity - to verify that a message or document is genuine and has not been manipulated or changed since
it's original creation and signing.
Authentication - to verify the identity of the individual or organisation sending the message.
Non repudiation - to ensure that the originator of the message or transaction can not subsequently disown
it.
Why do we need it?
The Internet is a powerful enabler for all manner of communication and electronic transactions. However,
the topology of the net is such that it is effectively spread across a huge number of servers, routers and
geographic locations and cannot therefore be regarded as a trusted network. A typical electronic message
or transaction may be passed between a number of servers and routing devices before reaching it's final
destination, each step representing a potential opportunity for interception.
In addition, for many transactions undertaken over the net, the users involved neither see, hear or even
know each other, leaving little scope for reaching intelligent conclusions as to the integrity of the received
message, or the authenticity of the identity of the originator.
We therefore need a methodology to ensure authenticity and integrity of messages and transactions
transported via the Internet, or indeed, any such untrusted network outside the immediate control of the
user. PKI offers such a methodology, which can be used in a variety of scenarios, but is especially
pertinent to the Internet.
Cryptography
The concept of cryptography has been around for a very long time, although these days we tend to think of
it in terms of a cipher to automatically change the protected information into an unrecognisable format
until it reaches the authorised recipient who can decrypt the message using the appropriate deciphering
methodology. In simple terms, we can think of the cipher as a means of substituting a block of text with
another according to a predefined set of rules. The cipher is used in conjunction with a key to encrypt the
message and a key to decrypt the message. Symmetric ciphers use the same key to encrypt and decrypt the
message, whilst asymmetric ciphers use different keys for encryption and decryption. Popular symmetric
ciphers include DES, RC2 and RC4. Popular asymmetric ciphers include RSA, DSA and Diffie-Hellman.
Symmetric ciphers generally perform much faster in typical operation, although asymmetric ciphers have a
significant advantage with regard to the distribution and management of keys.
Public / Private Keys
With an asymmetric cipher model, because we are using separate keys for encryption and decryption, we
have the opportunity to make one of the keys public without compromising security. This means that you
can send or publish the 'public' key to a broad audience, enabling them to encrypt messages that they wish
to send to you. You can then decrypt these messages using your 'private' decryption key. Providing you
keep this key safe, you can be assured that only you can read messages that have been encrypted with your
public key. Similarly, you can acquire the public key for another individual or organisation and use this to
encrypt the messages you send to them, in order that only they may decrypt and read such messages.
Certificates
A certificate is the digital document published by the Certificate Authority in order to make public keys
accessible. The certificate contains the public key itself, information about the public key owner,
information about the issuer of the certificate and the issuing authority's digital signature to ensure
authenticity.
In order to create a certificate for yourself or your organisation, you need to make a certificate request,
usually via a Registration Authority which acts as an intermediary between yourself and the Certificate
Authority. There are two primary types of certificate request, known as PKCS#10 and RFC2511, with
PKCS#10 perhaps being the most popular. The PKCS#10 certificate request typically consists of a version
number, the certificate owners name (as in 'Distinguished Name' or Dname), the certificate owners public
key and other attributes that the owner may wish to publish such as e-mail address, telephone number and
so on. The Dname is an ordered set of owner attributes which includes the applicable two letter country
code, the state or province, the locality or street, the organisation name, the organisation department, and
the individual owners name.
When the Certificate Authority receives the request, it will check the authenticity and if satisfied, will sign
and publish the certificate accordingly. The owner may wish to generate their own key pair and submit the
public key to the Certificate Authority for inclusion in the certificate, thus keeping the private key totally in
house. Alternatively, the Certificate Authority may generate the key pair and send the private key back to
the certificate owner when the certificate is created and published.
Of course, it is possible for an individual or organisation to generate keys and send the public key directly
to trusted parties without formally going through the certification process. However, managing the ongoing
situation could become extremely complicated, especially if the private key was compromised in any way.
A trusted Certificate Authority thus provides a useful management function for those wishing to utilise a
PKI. Part of this management includes maintaining the validity of public keys via regular updates and also
maintaining a 'revocation' database for keys which have been revoked for one reason or another.
Digital Signatures
Encryption may provide us with increased confidence that our message will not be seen by unauthorised
third parties as it travels the net. However, there are still issues around authenticity, both of the contents of
the message and of the sender. If you receive a message with a header which says it is from Charlie Brown,
how do you know that Charlie Brown really sent the message? Similarly, how do you know that the
contents of the message have not been tampered with in some way? Digital signatures seek to provide an
answer by allowing the message originator to digitally 'sign' the message before sending it to the recipient.
To do this, the sender uses his private key in association with a hash function in order to create a unique
identifier for the message (the text of which may or may not be encrypted). The hash function creates a
specific output stream for a given block of text. Such a text block will always hash to the same value, but
different text blocks will produce different hash outputs. Thus, if anything changes within the text block
between original transmission and final reception, then applying the hash function to the received message
will produce a different output which can subsequently be compared with the original. If the two hash
outputs do not match, then we know that the message has been corrupted somewhere along the line.
The originator of the message creates a hash from the document, encrypts the hash with his private key in
order to create the digital signature and then sends both the message and the signature to the recipient. The
recipient creates a hash from the message, decrypts the signature to recreate the original hash and then
compares the two hash values. In practice, good quality available software streamlines this process for the
user.
The benefits are twofold. Firstly, the recipient can have confidence that the received message has not been
tampered with or altered in any way, because the two hash values match. Secondly, the recipient can have
confidence as to the true identity of the sender, because he used the sender's public key to decrypt the
digital signature. If we utilise message encryption and digital signatures within a PKI environment, our
confidence in data exchange over untrusted networks is increased considerably.
What are the weaknesses of PKI?
OK, if PKI is so great, why hasn't it quickly become the norm for all data traffic over the Internet and other
uses such as data storage on workstations and networks? Well, firstly, we should acknowledge that not
everyone needs or desires this increased level of security. Many people are happy enough with the default
levels of security provided by ISP's and common web browsers and e-mail clients, although there does
seem to be a growing mistrust even in this area. For commercial and legal transactions however, there is a
real need for increased confidence around electronic data exchange via untrusted networks. In this context,
PKI is particularly interesting.
One of the often repeated concerns lies in the area of key management, and in particular, the likelihood of
your private key being misused or perhaps stolen. For example, if the operation of your private key is
protected by a PIN, then this may easily be compromised at your workstation by someone who wishes to
pretend to be you and makes it his or her business to discover that PIN. Similarly, if the private key is
stored on your computer's hard disk, then how easy is it for someone to hack into your computer and copy
this file? If someone acquires and is able to use your private key, then your PKI environment is powerless
to protect you as this person could intercept messages meant for you and easily decrypt them. Furthermore
they could pretend to be you within the context of important transactions, with all the implications that this
entails. Key management and key security therefore become paramount within a PKI environment.
The Relevance of Biometrics
Biometrics offer the potential to considerably enhance the PKI model in the same way that they have
brought significant benefits to the more conventional user authentication area. Let's take for example the
ability to restrict the use of your private key for encryption and decryption. Using a PIN for this provides a
certain level of perceived security, although the actual level is rather low. Using a biometric, such as a
fingerprint for example, provides a substantially higher level of confidence. The likelihood of someone
else using your workstation or mobile computer and successfully using your biometrically protected
private key is reduced to almost infinitesimal proportions. In a similar manner, you might link a biometric
to local or network file encryption in order to ensure that only the person who encrypted the file will be
able to decrypt and read it. Merging these two related technologies promises some exciting possibilities in
the area of secure data exchange and general encryption.
Let's bring in another old friend, the chip card or smart card as it is sometimes known. If we undertake key
management functionality right on the card itself and maintain the private key in the secure area of the
chip, then we can use the private key straight from here, removing the problems associated with storing the
private key on the hard disk. The user now has absolute control over the key and can carry it around with
him or keep it secure, just as he would with a physical key. If we now protect access to this private key via
a biometric, we have created a considerably higher confidence level as to the true identity of the originator
and digital signatory of a specific PKI message. In addition, we have dramatically reduced the possibility
that the private key could be fraudulently acquired by a third party as we are physically securing it away
from a hard disk or network drive.
Moving Forward
The integration of biometrics, chip cards and PKI technology offer the potential for high confidence data
exchange over non trusted networks in applications where security is paramount. There are of course
several variations on exactly how such a model would, or should be implemented and we should consider
each application on its merits.
We should also consider the user position in this context. Some people may be wary of having the
biometric template on the chip card for fear of identity theft should the chip card be lost or stolen. Others
are wary of using biometrics with a PKI because of the enhanced non repudiation that this offers, feeling
that their anonymity is compromised and that third parties such as law enforcement agencies might use this
against them. For every distinct view on the subject, it is likely that you will find an equally distinct
opposing one. Clearly a solution which seems ideal for one group will not necessarily be acceptable to
another and we should be cognisant of this reality. Perhaps the answer lies in developing the technological
infrastructure that allows for all levels to be accommodated, and then letting the user choose to what
degree they wish to use the functionality. For example, a particular solution may integrate biometrics, chip
cards and PKI, but allow the user to choose whether they use a biometric or a PIN, how and where the
biometric template is stored and other variables. This would then place the choice, and the responsibility
for that choice with the user or user organisation. If adopting a higher level of security unlocks enhanced
functionality, or otherwise, as the case may be, then why not allow the user to choose accordingly? This is
perhaps a thorny question, especially when we move into the territory of public applications, but these are
the sort of questions we need to ask as the relevant technology continues to move forward. From a
technical solution perspective, the integration of biometric and PKI models offers the potential for
substantially enhanced confidence in data exchange over untrusted networks, especially in the areas of
digital signing and non repudiation. Historically, the two camps have not always seen eye to eye on the
subject, but maybe it is time to move closer together and understand the potential advantages and how
these might be offered to user communities.
Download