Experiences with Massive PKI Deployment and Usage

Post on 30-Dec-2015


Daniel Kouřil, Michal Procházka

Masaryk University & CESNET

Security and Protection of Information 2009

Public Key Infrastructure

• Asymmetric cryptography
• Each user and service owns a key pair
• X.509 digital certificates
• PGP not suitable
• Certification Authority (CA)
• Network of Registration Authorities (RA)
• Relying parties

Distributed environments

• Ithanet project
• Network for medical research in Mediterranean countries
• Users were physicians with little knowledge about computers
• Grid infrastructure
• Facilitates collaborations, resource sharing
• Support of research
• Basic services provided by grid operator
• Easy establishment of secure communication

PKI in large-scale environment

• PKI is a good candidate for authN in large infrastructures
• Scalability
• Several aspects to be considered and addressed
• Operators
• Users
• General PKI not tied to applications

Operating PKI

• CA establishment is not a technical problem
• Building trust is crucial
• Many administrative problems
• Proper authentication of applicants
• Protection of signing keys
• Proper handling of revocation requests
• Long-term support
• Incident resolution cooperation
• …
• CAs publish their policies

International Grid Trust Federation

• Easing orientation for relying parties
• CA managers, identity providers, large relying parties involved
• IGTF builds a federation of "trusted" CAs
• Approving procedures and minimal requirements
• Reviews the CA policies (CP/CPS)
• Flat model – no root IGTF CA
• Unified name space for subject names
• User is uniquely identified by their subject name

Revocation checks

• Revocation is a must
• Often neglected by administrators or applications
• It's impossible to check CRLs with Firefox
• Certificate Revocation Lists (CRLs)
• Online Certificate Status Protocol (OCSP)
• Overhead
• Latency penalty for online checks
• Large amount of data represented by aggregated CRL transfers

Obtaining certificates

• The process consists of two phases
• Generating key-pair
• Identity vetting at RA
• Crucial for users' perception
• Crucial for security of credentials

Online CAs

• Normal web page with simple form
• Registration is done first
• Browser is key component
• Performs cryptographic operations
• Communicates with CA
• Receives and stores new certificate
• New requirements
• Signing machine of CA is exposed
• Trust in browser

Online CAs in Identity Federations

• Identity federations leverage existing user management systems
• Access to internal systems of institution
• Users don't need additional credentials to access new services
• Online CA connected to federation
• No need for personal visits at RA

Private Key Protection

• Users don't protect their private keys
• Weak passphrases, file permissions
• Can't be checked by PKI operators
• Ideally not handled directly by users – transparent PKI
• Key repositories
• Specialized service maintaining keys for users
• Smart cards
• User support is difficult in general PKI
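
Added example, not part of the original slides: a user-side check for the two problems named on this slide, key files accessible to other accounts and keys stored without a passphrase. The function names, finding labels and sample files are assumptions constructed for illustration; passphrase strength cannot be read from the file and is not assessed.

```python
import os
import stat
import tempfile

# PEM labels of private keys stored without encryption (traditional and PKCS#8).
PLAIN_LABELS = ("-----BEGIN RSA PRIVATE KEY-----",
                "-----BEGIN EC PRIVATE KEY-----",
                "-----BEGIN PRIVATE KEY-----")

def audit_key_file(path):
    """Return findings for one PEM private key file; an empty list means no issue found."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("group-or-world-accessible (mode %04o)" % mode)
    with open(path, "r", errors="replace") as fh:
        text = fh.read()
    # Traditional PEM flags encryption in a Proc-Type header; PKCS#8 uses its own label.
    encrypted = ("Proc-Type: 4,ENCRYPTED" in text
                 or "-----BEGIN ENCRYPTED PRIVATE KEY-----" in text)
    if not encrypted:
        if any(label in text for label in PLAIN_LABELS):
            findings.append("stored-without-passphrase")
        else:
            findings.append("no-pem-private-key-found")
    # Passphrase strength is not visible in the file, so it is not assessed here.
    return findings

def demo():
    """Audit three constructed key files (placeholder bodies, not real keys)."""
    body = "Q09OU1RSVUNURUQ=\n"  # constructed placeholder, base64 of "CONSTRUCTED"
    samples = {
        "plain_0644.pem": (0o644, "-----BEGIN RSA PRIVATE KEY-----\n" + body
                           + "-----END RSA PRIVATE KEY-----\n"),
        "legacy_enc_0600.pem": (0o600, "-----BEGIN RSA PRIVATE KEY-----\n"
                                "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\n"
                                + body + "-----END RSA PRIVATE KEY-----\n"),
        "pkcs8_enc_0440.pem": (0o440, "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" + body
                               + "-----END ENCRYPTED PRIVATE KEY-----\n"),
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, (mode, pem) in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "w") as fh:
                fh.write(pem)
            os.chmod(path, mode)
            results[name] = audit_key_file(path)
    return results
```

Calling demo() returns the findings per sample file; audit_key_file() can be pointed at a real key path and only reads the file's mode and PEM labels.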

Conclusions

• Several aspects to address to operate secure PKI
• Established set of trusted CAs available
• General CAs, not tied with a particular application
• Keep users away from their private keys
• :-)

Backup slides

Single Sign-On

• User authenticates just once
• Proxy certificate
• Issued by user
• Only short-lived
• Standard X.509 short-lived certificates
• Issued by an on-line CA
• Can be obtained automatically after login