Intel’s Common Data Security Architecture
Draft Release 2.0 version 1.0
Presented at TOG Members Meeting, PKI-TG Session
June 26, 1997
Denise Ecklund, Intel Architecture Labs
Intel Corporation 2
Today’s Agenda
• History of CDSA and TOG, PKI-TG
• Certificate and Key Life Cycle Management
• Key Recovery as an Elective Service Category
• Portable Credentials
• CSSM Enhancements
• Status Update
• Group Questions and Answers

History of CDSA, TOG, PKI-WG
• Intel presented CDSA at PKI Mtg, Dec-96
  – PKI-TG requested response to PKI Requirements
• Intel presented PKI-Reqs response, Mar-97
  – PKI-TG recommended 3 specific extension areas:
    » Certificate and Key Life Cycle Management
    » Key Recovery Services
    » Portable Credentials Support
  – Close review by other TOG members
• Intel presenting these results today, anticipating
  – PKI-TG recommendation to Technical Managers
  – July-97 TM recommendation to begin Fast Track

Acknowledgements
• Intel acknowledges the thorough review and the active contributions of the following companies in evolving CDSA 2.0
  – Entrust Technologies
  – IBM
  – Netscape Communications
  – Trusted Information Systems
• Additional, appreciated feedback from
  – Intel Product Groups building appls on CSSM
  – United States NSA

CDSA - a four layer architecture
[Diagram labels: Applications in C, Applications in C++, Applications in Java (Method Wrapper); Layered Security Services and Tools; CSSM Security API; Common Security Services Manager; Service Provider Interfaces; Security Service Add-in Modules]
• Defines a common API
• Extensible for all types of security services
• Supports varied degrees of “security-awareness” in applications

Summary of Enhancements - 1
• Certificate and Key Life Cycle
  – Follows an extended PKIX model
    » RA, CA, local & remote services
  – New APIs for Trust Policy and Certificate Library operations
    » create, verify, renew, recover, multisign
  – Supports asynchronous operation completion

Summary of Enhancements - 2
• Key Recovery
  – Defines a secure model for individuals, corporations, and governments to recover encryption keys using a broad range of recovery mechanisms
    » encapsulation, escrow, hybrid schemes
  – New, independent category of security service
  – Uses new dynamic service manager binding mechanism
  – New APIs and new SPIs
  – Works with any add-in Cryptographic Service Provider

Summary of Enhancements - 3
• Portable Credentials
  – No a priori detailed model from PKI-TG
  – No detailed model defined by working team
  – Intel view includes at least HW tokens
  – Latest evolution of CSSM APIs provides complete support for PKCS#11 and other HW token interfaces

Summary of Enhancements - 4
• Smoothing it out and putting it all together
• Infrastructure Enhancements
  – Horizontal Extensibility
    » Dynamic addition of security service categories
  – Multi-service Add-in Modules
    » Allow add-in vendors to provide any subset of SPIs
  – Support for TOG’s PKI Model
    » Use stronger integrity checks among components
    » In the specs - clarify required vs optional parameters & behavior

A Quick Refresher on CDSA
[Architecture diagram labels: Applications in C, Applications in C++, Applications in Java (Method Wrapper); Language Interface Adapter; Layered Services, Tools, Middleware; CSSM Security API and EM-API; Common Security Services Manager: System Security Services (Integrity Services, Security Contexts), CSP Manager, TP Module Manager, CL Module Manager, DL Module Manager, Elective Module Mgr; interfaces SPI, TPI, CLI, DLI, EMI; Security Add-in Modules: Cryptographic Service Provider, Trust Model Library, Certificate Library, Data Storage Library, New Category of Service; Data store]

CSSM Module Managers
• Define the CSSM APIs and SPIs for a category of security services
• Base Service Module Managers are always present
  – certificate, trust policy, data store, cryptography
• Elective Module Managers are transparently loaded on demand
  – key recovery, audit/logging, future services
• Provide a subset of the CSSM services
  – dispatch APIs to zero, one or more SPIs
  – pre and/or post-process dispatched API calls

CSSM Core Services
• Implement architectural extensibility
  – Dynamic attaching of add-in modules (mechanism implementations)
  – Transparent attaching of elective module managers (categories of security service)
• Standard component management
  – install, register-services, query-registry, etc.
• Integrity Services
• Security Context Management
  – parameters required for cryptographic operations

Supporting Certificate and Key Life Cycle
• The model is based on PKIX-* and compatible with the PGP keyring model
• Basic Entities
  – Certification Authority, Client, Registration Authority
  – remote or co-located
• Basic Services over the life cycle
  – Certificate delivery, verification & mgmt
  – asynchronous operation completion possible

Certificate and Key Life Cycle Phases
[Diagram labels: Registration of Certificate Bearer; Key Generation (and other CA-provided services); Certificate Generation; Active Phase; Cert Retrieval; Cert Verification; Cert Update; Cert MultiSign; Cert Recovery; Cert Revocation]

Supporting Certificate Life Cycle in CSSM
• New APIs for Trust Policy Modules
  – Verification of trust to perform an action (based on certificates)
• New APIs for Certificate Library Modules
  – Certificate create, renew, recover, multisign

Trust Policy API - Review
• Access to certificate-based trust models
  – semantics of trust
• Generic API supports different trust models
  – from hierarchical to introducer
• Basic categories of operations:
  – verify application-specific action
  – operates on groups of semantically-related certificates

TP_CertVerify ( )
• Verification is based on
  – chain of certificates
  – a set of trusted certificates (cross-certified)
  – a set of specified policies
  – the action to be performed (if the cert verifies)
• Outputs
  – Yes or No
  – list of evidence from the verification process
  – automatic initiation of specified action

Cert Management API - Overview
• Defines memory-based manipulation of
  – certificates and certificate revocation lists (CRL)
• Generic API so libraries can support different certificate types
• CSSM_OIDs name cert and CRL fields
  – CSSM_OID structure holds a generic object identifier
  – Examples: ASCII string, enum value, X.509 OID, S-expression
• Basic categories of operations:
  – create, sign, verify
  – view, get_field_values
  – life cycle mgmt, type_translations

APIs support Asynchronous Completion of Operations
• Some operations invoke remote services that may not complete for “days”
  – Examples: certificate enrollment
• Two APIs per asynchronous operation
  – initiator function
    » returns: estimated time to completion, transactionID
  – result retrieval function
    » returns: result or new estimated time to completion
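
The two-call pattern on this slide, as an added example in C that is not part of the original presentation or of the CSSM specification. The function names, status codes and the simulated CA that completes work in "ticks" are all assumptions made for illustration.

```c
/* Added example, not CSSM code: every name below is hypothetical. */
#include <stdio.h>
#include <string.h>

enum { ST_DONE = 0, ST_PENDING = 1, ST_UNKNOWN_TXN = -1, ST_NO_SLOT = -2 };
#define MAX_TXN 4

struct txn { int id; int ticks_left; };   /* id 0 marks a free slot */
static struct txn pending[MAX_TXN];
static int next_id = 1;

/* Initiator: queue the request and return at once with a transaction ID
 * and an estimated time to completion (ticks of the simulated CA). */
int cert_request_init(int work_ticks, int *txn_id, int *estimate) {
    for (int i = 0; i < MAX_TXN; i++) {
        if (pending[i].id != 0) continue;
        pending[i].id = next_id++;
        pending[i].ticks_left = work_ticks;
        *txn_id = pending[i].id;
        *estimate = work_ticks;
        return ST_PENDING;
    }
    return ST_NO_SLOT;
}

/* Simulated passage of time at the remote service. */
void ca_tick(int n) {
    for (int i = 0; i < MAX_TXN; i++) {
        int left = pending[i].ticks_left - n;
        pending[i].ticks_left = left > 0 ? left : 0;
    }
}

/* Result retrieval: the result, or a new estimate if still pending. A
 * completed transaction is closed, so its ID is not accepted twice. */
int cert_request_retrieve(int txn_id, int *estimate, char *out, size_t outlen) {
    for (int i = 0; i < MAX_TXN && txn_id != 0; i++) {
        if (pending[i].id != txn_id) continue;
        *estimate = pending[i].ticks_left;
        if (pending[i].ticks_left > 0) return ST_PENDING;
        snprintf(out, outlen, "cert-for-txn-%d", txn_id);
        pending[i].id = 0;
        return ST_DONE;
    }
    return ST_UNKNOWN_TXN;
}

int main(void) {
    int id, est;
    char cert[32];
    if (cert_request_init(3, &id, &est) != ST_PENDING) return 1;
    while (cert_request_retrieve(id, &est, cert, sizeof cert) == ST_PENDING) {
        printf("txn %d pending, about %d ticks left\n", id, est);
        ca_tick(2);
    }
    printf("retrieved %s\n", cert);
    return 0;
}
```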

Certificate Creation and Certificate Renewal
• Set-up and initialize
    » CL_RegistrationFormRequest; CL_CertCreateTemplate
• CL_CertRequest
  – keypair generation by client or by CA/RA
  – submit request to CA entity
    » include authorization info and certificate template
  – request additional CA “backend” services
    » key backup, cert renewal notice, white pages listing, etc.
• CL_CertRetrieve
  – retrieve certificate (and remote keypair)
[Diagram labels: RA, CA]

Certificate Recovery - setup
• CL_CertRecoveryRequest
  – requires authorization data
  – can request a subset of your certificate history
• CL_CertRecoveryRetrieve
  – retrieves a set of certificates and their associated private keys into a local cache
  – certificates and keys in the cache are protected and ready to be recovered
  – also outputs the number of cached items
[Diagram labels: CA; CA cache]

Certificate Recovery - completion
• CL_RecoverCert
  – recover/look at each cached certificate
  – determine which keys to recover
• CL_RecoverCertKey
  – recover the I-th private key into a local CSP
  – provide new passphrase to secure recovered key
• CL_CertAbortRecovery
  – scrubs the cache and ends the recovery process
[Diagram labels: cache holding {cert1, key1}, {cert2, key2}, {cert3, key3}; CSP secured storage; empty cache]

Certificate MultiSign
• CL_CertMultiSignRequest
  – request additional signature on a certificate
  – uses a selectable signing scope
  – does not invalidate earlier signature(s)
  – supports notary public functionality
• CL_CertMultiSignRetrieve
  – retrieve the multiply-signed certificate
[Diagram labels: CA, CA]

The Purpose of Key Recovery
• The primary purpose of a Key Recovery is to recover a key that has been used to ensure the confidentiality of some data
[Diagram labels: Data Source; Data to Send; Encrypted Data; Interception Point; Data Destination; Data Received; Other Local, Encrypted Data]
Corporations and governments recover a key to decrypt intercepted, cipher data
Individuals and corporations recover a key to decrypt stored, cipher data

Using Key Recovery
• Key Recovery is useful when a key is lost, corrupted or unavailable
• Using KR is voluntary or directed by policy
• Provided as an explicit service
  – if selected, it must be invoked by an application or a layered service

The Model for Key Recovery (KR)
• Participants and their Roles in Key Recovery
  Recovery Agents: a set of trusted, independent systems that work together to recover keys on demand
  Participating Parties: users or systems that enable key recovery by generating the key recovery information that is required by their recovery agents
  Authorized Parties: users or systems that are authorized to recover their keys or someone else’s keys from a set of recovery agents

Key Recovery Concepts (KR)
• Objects and their Purpose in Key Recovery
  Key Recovery Fields: information that enables specified key recovery agents to recover a referenced key
  Key Recovery Policy: a statement defining who must use key recovery, when it must be used, what mechanism must be used, and what KR agents can be used
  Key Recovery Mechanism: a set of functions that generate and process key recovery fields and recover keys on request

Phases of the KR Process
[Diagram of the phases, with the labels attached to each:
 0) KR Policy Definition: Policy: Encrypt: …..
 1) Key Recovery Registration (optional): KR Registration Application; Registration Messages; Key Recovery Agent(s)/Server
 2) Key Recovery Enablement: KR-enabled Cryptographic Application A; KR-enabled Cryptographic Application B; Key_Exch, KRFields, CipherText
 3) Key Recovery Request: KR Request Application; Authorization data, KRFields; Decryption Key; Key Recovery Server; KR Agent-1, KR Agent-2, KR Agent-N]

Key Recovery In CDSA
[Architecture diagram labels: Applications in C, Applications in C++, Applications in Java (Method Wrapper); Layered Security Services: Protocol Handlers, SSL, IPSEC, SMIME, EDI; CSSM Security API and KR-API; Common Security Services Manager: Context Mgmt, Integrity, TPM Mgr, CLM Mgr, CSP Mgr, DLM Mgr, KRM Mgr; interfaces SPI, TPI, CLI, DLI, KR-SPI; Security Add-in Modules: TP Lib, CL Lib, CSP Lib, DL Lib, Key Recovery Service Provider]

Attaching Add-in Modules and Elective Module Managers
Application:
    Hdl = attach( KeyRecov1 );
CSSM Core Service Actions:
If category is Elective then
  (1) transparently load module manager
  (2) perform the attach operation for the add-in module
[Diagram labels: Installed CSP Modules, Installed TP Modules, Installed CL Modules, Installed DL Modules, Installed KR Modules; CSSM with CSPM Mgr, TPM Mgr, CLM Mgr, DLM Mgr and Mgr for Elective KR Module; CSP1, TP2, CL1, DL1, KR Module; steps 1 and 2 marked on the diagram]

Key Recovery APIs - categories
• Registration - optionally register with KR agents/server
• Context - create security context for KR enablement
• Enablement - create KR fields
• Request - request a recovery by a set of KR agents

KR and CSP Module Managers Work Together
• All Module Managers can share state and work together
• KR Module Manager (KRMM) is a sophisticated module manager
  – understands CSSM security context structure
  – shares state with the Cryptographic MM
  – makes policy decisions

Cryptographic Services API
• APIs appropriate for hardware tokens, software modules, & hybrids
  – CSSM Cryptographic APIs subsume legacy APIs
    » GCS-API, PKCS#11, Fortezza Cryptoki, etc.
• Basic Categories of Operations
  – sign/verify
  – digest/hash
  – encrypt/decrypt
  – key operations
  – random number generation
• Help manage parameters and their state
[Diagram labels: GCS-API, PKCS#11, CSSM API]

Enhancements to Fully Support PKCS#11 Service Model
• New APIs for
  – login/logout, sessions, optional password/PIN
• Extended structures for
  – key formats: reference, wrapped, raw
  – each device slot is one subservice
• Features
  – Dynamic description of capabilities
  – Multi-service add-ins for (CSP + DL) APIs
[Diagram labels: Reader, A-Card, B-Card]

Multi-Service Add-in Modules
[Diagram labels: Common Security Services Manager with CSPM Mgr, TPM Mgr, CLM Mgr, DLM Mgr, Elective MMgr; CSP1, TP2, CL1, DL1, New Service; PKCS#11 Add-in Module]
Application:
    Hdl = CSSM_Attach(pkcs11_guid)
    CSSM_Encrypt(Hdl, …)
    CSSM_DL_DataGetFirst(Hdl, …)
Application Actions:
  Attach one service module
  Receive one Handle
  Use the handle for CSP ops and for DL ops
Add-in Module:
  (1) Implements functions from multiple service categories
  (2) Registers multiple sets of functions with CSSM
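
An added example in C, not taken from the presentation or from any CSSM implementation, of the behaviour this slide and the earlier attach slide describe: one attach yields one handle, calls are routed per service category, and an elective manager is loaded only when a module that needs it attaches. All names are hypothetical, and the SPI functions are constructed stand-ins that only report which one ran.

```c
/* Added example, not CSSM code: all names are hypothetical. */
#include <stdio.h>

enum category { CAT_CSP, CAT_DL, CAT_KR, CAT_COUNT };
enum { E_BAD_HANDLE = -1, E_NOT_PROVIDED = -2, E_NO_SLOT = -3 };
#define MAX_ATTACHED 4

typedef int (*spi_fn)(int arg);

/* An add-in registers one SPI entry per category it implements; NULL
 * means the module does not provide that category. */
struct addin { const char *guid; spi_fn spi[CAT_COUNT]; };

/* Base managers (CSP, DL) are always present; the KR manager is elective. */
static int mgr_loaded[CAT_COUNT] = { 1, 1, 0 };
static const struct addin *attached[MAX_ATTACHED];

int manager_loaded(enum category c) { return mgr_loaded[c]; }

/* Attach: (1) load any elective manager the module needs, (2) attach the
 * module and return ONE handle covering every category it registered. */
int attach(const struct addin *m) {
    for (int h = 0; h < MAX_ATTACHED; h++) {
        if (attached[h] != NULL) continue;
        for (int c = 0; c < CAT_COUNT; c++)
            if (m->spi[c] != NULL) mgr_loaded[c] = 1;
        attached[h] = m;
        return h + 1;               /* handles are 1-based */
    }
    return E_NO_SLOT;
}

/* Module-manager dispatch: an API call reaches an SPI only if the module
 * behind the handle registered a function for that category. */
int dispatch(int handle, enum category c, int arg) {
    if (handle < 1 || handle > MAX_ATTACHED || attached[handle - 1] == NULL)
        return E_BAD_HANDLE;
    if ((int)c < 0 || (int)c >= CAT_COUNT) return E_NOT_PROVIDED;
    spi_fn fn = attached[handle - 1]->spi[c];
    return fn ? fn(arg) : E_NOT_PROVIDED;
}

/* Constructed add-ins; the return values only show which SPI ran. */
static int p11_csp_op(int n) { return 1000 + n; }
static int p11_dl_op(int n)  { return 2000 + n; }
static int kr_op(int n)      { return 3000 + n; }
const struct addin pkcs11_addin = { "pkcs11_guid", { p11_csp_op, p11_dl_op, NULL } };
const struct addin keyrecov1    = { "KeyRecov1",   { NULL, NULL, kr_op } };

int main(void) {
    int h = attach(&pkcs11_addin);
    printf("CSP via handle %d -> %d\n", h, dispatch(h, CAT_CSP, 1));
    printf("DL  via handle %d -> %d\n", h, dispatch(h, CAT_DL, 1));
    printf("KR  via handle %d -> %d\n", h, dispatch(h, CAT_KR, 1));
    return 0;
}
```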

Adaptation Layers in CDSA
Example legacy CSPs:
  BSAFE
  PKCS#11 HW tokens
  Fortezza token
[Diagram labels: CSSM API; CSP Manager, TPM Mgr, CLM Mgr, DLM Mgr; SPI, TPI, CLI, DLI; TP Lib, C Lib, D Lib, Data store; Adaptation Layer, SPI to SPI; Native CSP; Legacy Cryptographic Service Provider]

Intel’s PKCS#11 Adaptation Layer
• One implementation of PKCS#11 adapter
• Inter-operating devices in Intel Labs (today)
  – Rainbow (CryptoSwift, add-in card)
  – DataKey (Smart card)
  – Litronic (ME2000, CryptOS)
  – Fischer (Smart disk)
  – Chrysalis (Luna)
• New devices under test
  – GemPlus
[Diagram labels: Reader A, S-Card; Reader B, S-Card; Data; Sign Data; Verify Data Signature]

Integrity Requirements
• In a dynamic environment, components must authenticate themselves
  – prove identity
  – prove integrity
• Components must have signed credentials
  – certificate
  – manifest
• Component object modules must be signed
[Diagram labels: CSSM; Module Mgr; ModuleAttach; “Who are you?”; “Are you “the CSSM”?”]

The Model for Credentials
• Certificate chain represents trust in a vendor
  – used to prove identity
  – supported by real world licenses
• Manifest describes the integrity of
  – the module’s functional capabilities
  – the module’s object code (this is the module)
• Acknowledgements to Netscape and Javasoft for
  – early work on Manifests (W3C effort w/ Intel)
  – review of Intel’s Enhanced Manifests

An Add-in Module’s Certificate
• A hierarchical chain of three certificates
  – CSSM vendor owns the root certificate
  – Add-in module vendor owns the middle certificate
  – The module owns the leaf certificate
[Diagram: Certificate File containing CSSM Vendor’s Certificate (self-signed), Add-in Module Vendor’s Certificate (signed by CSSM Vendor), Product Certificate (signed by Add-in Module Vendor)]

A Manifest
[Diagram: Manifest File made up of Manifest Sections; each section shows Name:, MD5-Digest:, SectionName:, Capabilities and an Object Reference]

CSSM Integrity Services
• Built on an Embedded Integrity Services Library (EISL)
• Use self_check to establish a trust perimeter
• Use credential-based bilateral authentication procedure to extend trust perimeter to dynamically attaching components
[Diagram labels: CSSM base, EISL; Module, EISL]

Summary of our Response to PKI-TG
• Evolution
  – new APIs for Cert Life Cycle and Key Recovery
  – modified CSSM APIs based on experience
• Future enhancements - layered technologies
  – continued work on Object-oriented i/f: e.g., Java,
  – support high level APIs, e.g., GSS, SSPI, etc.
  – provide packagable protocols, e.g., PKCS#12
• Documents/Specifications available
  – 13 documents: Arch, APIs, SPIs, Special Srvs

Categorization of CDSA Documentation
[Table residue. Column labels: Normative, Informative. Row labels: Apps Developers, CSSM Developers, Add-in Module Developers. Cell contents in extraction order:]
CSSM-API, EISL, KR-API; CDSA, Signed-Mfests
(1 of) {TPI, CLI, DLI, SPI, KRI}, CSSM-AMmgmt, EISL
CSSM-API, EISL, CSSM-EMMI, CSSM-AMmgmt
CDSA, API, Signed-Mfests, CSSM Policy
CDSA, Signed-Mfests
3
4
3+

Status of CDSA Reference Implementation
• Release 1.1.a on the Intel Web site (http://www.intel.com/ial/security/)
  – for Windows* 95 and Windows NT*
  – statically linked, exportable CSP
  – used in two Intel applications
• Release 1.2 will be on web site Sept-97
  – same as release 2.0 minus some APIs
• Release 2.0 before Dec-97

Status of CDSA for TOG Fast Track Process
• Intel
  – is a specification member of the TOG PKI-TG
  – has signed TOG Fast Track Agreement
  – is prepared to present specs for TOG Technical Managers Review in July 1997
  – is preparing for the normal Fast Track process during August and September 1997
  – is committed to carefully consider all feedback resulting from Fast Track review

Example - Limited Strength Encryption or Failure without KR
Policy: Encrypt: <= 56 bits or >56 bits + KR
[Sequence diagram: Communication Protocol (side A) and Communication Protocol (side B), each above its own CSSM; numbered steps as labelled on the diagram:]
1. CreateKeyHandle
2. ContextHandle HA1
3. EncryptData(HA1, msg)
4. ObtainKeyHandle
5. ContextHandle HB1
6. DecryptData(HB1, Enc(msg))
Between the two sides: KeyExch, Enc(msg)
Short key encryption or the EncryptData call fails

Example - KR-enabled Communication
Policy: Encrypt: <= 56 bits or >56 bits + KR
KR and CSPs are separate, but they work together via the KRMM and the CSP MM
[Sequence diagram: Communication Protocol (side A) and Communication Protocol (side B), each above its own CSSM-KRMM, with an Intercept Point between them; numbered steps as labelled on the diagram:]
1. CreateKeyHandle
2. KeyHandle HA1
3. Generate Recovery Fields
4. Handle HA2, KRFields
5. EncryptData(HA2, msg)
6. ObtainKeyHandle
7. KeyHandle HB1
8. Process Recovery Fields
9. Handle HB2
10. DecryptData(HB2, Enc(msg))
Between the two sides: KeyExch, KRFields, Enc(msg)
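
The policy line shared by the two example slides, as an added C example that is not code from the presentation or from CSSM: a key longer than 56 bits may be used for encryption only through a handle for which recovery fields were generated. The handle table and function names are hypothetical, and no actual encryption is performed.

```c
/* Added example, not CSSM code: all names are hypothetical. */
#include <stdio.h>

#define MAX_BITS_WITHOUT_KR 56   /* threshold from the slide's policy line */
#define MAX_CTX 8

enum { RC_OK = 0, RC_BAD_HANDLE = -1, RC_POLICY_DENIED = -2, RC_NO_SLOT = -3 };

struct ctx { int in_use; unsigned key_bits; int kr_done; };
static struct ctx table[MAX_CTX];

static struct ctx *lookup(int h) {
    if (h < 1 || h > MAX_CTX || !table[h - 1].in_use) return NULL;
    return &table[h - 1];
}

static int alloc_ctx(unsigned key_bits, int kr_done) {
    for (int i = 0; i < MAX_CTX; i++) {
        if (table[i].in_use) continue;
        table[i].in_use = 1;
        table[i].key_bits = key_bits;
        table[i].kr_done = kr_done;
        return i + 1;            /* handles are 1-based; 0 is never valid */
    }
    return RC_NO_SLOT;
}

/* Steps 1-2 on the slide: a handle (HA1) with no key recovery state. */
int create_key_handle(unsigned key_bits) { return alloc_ctx(key_bits, 0); }

/* Steps 3-4: generating recovery fields yields a NEW handle (HA2) that
 * records the fact; the original handle stays unflagged. */
int generate_recovery_fields(int h) {
    struct ctx *c = lookup(h);
    return c ? alloc_ctx(c->key_bits, 1) : RC_BAD_HANDLE;
}

/* Policy gate applied before EncryptData: <= 56 bits, or > 56 bits + KR. */
int encrypt_data_allowed(int h) {
    struct ctx *c = lookup(h);
    if (!c) return RC_BAD_HANDLE;
    if (c->key_bits > MAX_BITS_WITHOUT_KR && !c->kr_done)
        return RC_POLICY_DENIED;
    return RC_OK;
}

int main(void) {
    int ha1 = create_key_handle(128);
    int ha2 = generate_recovery_fields(ha1);
    int hs  = create_key_handle(56);
    printf("HA1, 128-bit, no KR fields: %d\n", encrypt_data_allowed(ha1));
    printf("HA2, 128-bit, KR fields:    %d\n", encrypt_data_allowed(ha2));
    printf("56-bit, no KR fields:       %d\n", encrypt_data_allowed(hs));
    return 0;
}
```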

MS CAPI 2.0 as a Multi-Service Add-in Module
• MS CAPI 2.0 is a multi-service provider
  – cryptographic operations
  – certificate store
  – certificate encode/decode
[Diagram labels: CSSM API; CSP Manager, DLM Mgr, CLM Mgr, TPM Mgr; SPI, TPI, CLI, DLI; TP Lib; Adaptation Layer; MS CAPI 2.0 Implementation; Data store]

A Signed Manifest
[Diagram of three files, with the labels shown for each:
 Manifest File: Manifest Sections, each with Name: (Relative File Name, URL, In Memory), MD5-Digest: (digest of object referenced by Name), SectionName:, Capabilities
 Signer Information File (SignerInfo File): entries with Name:, MD5-Digest:, SectionName:, Capabilities; Manifest Section Identifier; Hash of Manifest Section
 Signature Block File: PKCS#7 Signature Block; Signature Block Digest value; Hash of Signature Info File; Encrypted Hash Value]
All signing is performed using the module’s certificate

System-wide Policy Compliance
• A system-wide policy can be defined
  – constrains the use of security services
    » restrict certificate creation or cryptographic opers
  – specified by a certificate and signed manifest
• CSSM can provide generic mechanisms to record and test for policy compliance
  – record and protect system-wide policy at CSSM install
  – check service provider’s capabilities at service provider install and attach
  – check function calls against system-wide constraints

Credential Verification Procedure
• A six step procedure packaged as two functions in the EISL
  1. Verify the certificate chain
  2. Verify the signature on the manifest
  3. Verify the digest values for each of the manifest sections
  4. For each manifest section, verify the digest value on each referenced object code file
  5. Verify secure linkage
    » verified object code is the code you are about to invoke
    » or the code that invoked you

Bilateral Authentication
• Performed as the first phase of ModuleAttach processing
• Six step procedure
  1. CSSM performed a self integrity check
  2. CSSM performs an integrity check of the attaching module
  3. CSSM verifies secure linkage by checking that the initiation point is within the verified module
  4. The add-in module performs a self integrity check
  5. The add-in module performs an integrity check of CSSM
  6. The add-in module verifies secure linkage by checking that the function call originated from the verified CSSM
• Use EISL functions
[Diagram labels: CSSM; Module Mgr; ModuleAttach; “Who are you?”; “Are you “the CSSM”?”]