Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Marco Casassa Mont: Pki overview
1. HP Laboratories, Bristol, UKHP Laboratories, Bristol, UKPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)
Public Key InfrastructurePublic Key Infrastructure
(X509 PKI)(X509 PKI)
Trusted E-Services Laboratory - HP Labs - BristolTrusted E-Services Laboratory - HP Labs - Bristol
Marco Casassa MontMarco Casassa Mont
2. HP Laboratories, Bristol, UKHP Laboratories, Bristol, UKPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)
OutlineOutline
• Basic Problem of Confidence and TrustBasic Problem of Confidence and Trust
• Background: Cryptography, Digital Signature,Background: Cryptography, Digital Signature,
Digital CertificatesDigital Certificates
• (X509) Public Key Infrastructure (PKI)(X509) Public Key Infrastructure (PKI)
• (X509) PKI: Trust and Legal Issues(X509) PKI: Trust and Legal Issues
3. HP Laboratories, Bristol, UKHP Laboratories, Bristol, UKPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)
Confidence and TrustConfidence and Trust
Issues in the DigitalIssues in the Digital
WorldWorld
4. HP Laboratories, Bristol, UKHP Laboratories, Bristol, UKPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)
Basic ProblemBasic Problem
IntranetIntranet
ExtranetExtranet
InternetInternet
AliceAliceBobBob
Bob and Alice want to exchange data in a digital world.Bob and Alice want to exchange data in a digital world.
There are Confidence and Trust Issues …There are Confidence and Trust Issues …
5. HP Laboratories, Bristol, UKHP Laboratories, Bristol, UKPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)
ConfidenceConfidence and Trust Issuesand Trust Issues
• In the Identity of an Individual or ApplicationIn the Identity of an Individual or Application
AUTHENTICATIONAUTHENTICATION
• That the information will be kept PrivateThat the information will be kept Private
CONFIDENTIALITYCONFIDENTIALITY
• That information cannot be ManipulatedThat information cannot be Manipulated
INTEGRITYINTEGRITY
• That information cannot be DisownedThat information cannot be Disowned
NON-REPUDIATIONNON-REPUDIATION
IntranetIntranet
ExtranetExtranet
InternetInternet
AliceAliceBobBob
7. HP Laboratories, Bristol, UKHP Laboratories, Bristol, UKPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)
Starting Point: CryptographyStarting Point: Cryptography
CryptographyCryptography
It is the science of making the cost of acquiring or alteringIt is the science of making the cost of acquiring or altering
data greater than the potential value gaineddata greater than the potential value gained
CryptosystemCryptosystem
It is a system that provides techniques for mangling aIt is a system that provides techniques for mangling a
message into an apparently intelligible form and thanmessage into an apparently intelligible form and than
recovering it from the mangled formrecovering it from the mangled form
PlaintextPlaintext EncryptionEncryption DecryptionDecryption PlaintextPlaintextCiphertextCiphertext
KeyKey KeyKey
Hello WorldHello World &$*£(“!273&$*£(“!273 Hello WorldHello World
8. HP Laboratories, Bristol, UKHP Laboratories, Bristol, UKPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)
Cryptographic AlgorithmsCryptographic Algorithms
All cryptosystems are based only onAll cryptosystems are based only on three Cryptographicthree Cryptographic
AlgorithmsAlgorithms::
• MESSAGE DIGESTMESSAGE DIGEST (MD2-4-5, SHA, SHA-1, …)(MD2-4-5, SHA, SHA-1, …)
• SECRET KEYSECRET KEY (Blowfish, DES, IDEA, RC2-4-5, Triple-DES, …)(Blowfish, DES, IDEA, RC2-4-5, Triple-DES, …)
• PUBLIC KEYPUBLIC KEY (DSA, RSA, …)(DSA, RSA, …)
Maps variable length plaintext into fixed length ciphertextMaps variable length plaintext into fixed length ciphertext
No key usage, computationally infeasible to recover the plaintextNo key usage, computationally infeasible to recover the plaintext
Encrypt and decrypt messages by using the same Secret KeyEncrypt and decrypt messages by using the same Secret Key
Encrypt and decrypt messages by using two different Keys: Public Key,Encrypt and decrypt messages by using two different Keys: Public Key,
Private Key (coupled together)Private Key (coupled together)
9. HP Laboratories, Bristol, UKHP Laboratories, Bristol, UKPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)
• Efficient and fast AlgorithmEfficient and fast Algorithm
• Simple modelSimple model
Provides Integrity, ConfidentialityProvides Integrity, Confidentiality
ConsCons
• The same secret key must be shared by all the entities involved in the data exchangeThe same secret key must be shared by all the entities involved in the data exchange
• High riskHigh risk
• It doesn’t scaleIt doesn’t scale (proliferation of secrets)(proliferation of secrets)
No Authentication, Non-RepudiationNo Authentication, Non-Repudiation
PlaintextPlaintext EncryptionEncryption DecryptionDecryption PlaintextPlaintextCiphertextCiphertext
Private KeyPrivate Key Private KeyPrivate Key
ProsPros
Cryptographic Algorithms basedCryptographic Algorithms based
on Private Keyon Private Key
10. HP Laboratories, Bristol, UKHP Laboratories, Bristol, UKPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)
PlaintextPlaintext EncryptionEncryption DecryptionDecryption PlaintextPlaintextCiphertextCiphertext
Alice’s Public KeyAlice’s Public Key Alice’s Private KeyAlice’s Private Key
IntranetIntranet
ExtranetExtranet
InternetInternet
AliceAliceBobBob
• Private key is only known by the owner: less riskPrivate key is only known by the owner: less risk
• The algorithm ensuresThe algorithm ensures IntegrityIntegrity andand ConfidentialityConfidentiality by encrypting withby encrypting with
the Receiver’s Public keythe Receiver’s Public key
ProsPros
Cryptographic Algorithms basedCryptographic Algorithms based
on Public Keyon Public Key
11. HP Laboratories, Bristol, UKHP Laboratories, Bristol, UKPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)
PlaintextPlaintext EncryptionEncryption DecryptionDecryption PlaintextPlaintextCiphertextCiphertext
Bob’s Private KeyBob’s Private Key Bob’s Public KeyBob’s Public Key
IntranetIntranet
ExtranetExtranet
InternetInternet
AliceAliceBobBob
• The algorithm ensuresThe algorithm ensures Non-RepudiationNon-Repudiation by encrypting withby encrypting with
the Sender’s Private keythe Sender’s Private key
ProsPros
Cryptographic Algorithms basedCryptographic Algorithms based
on Public Keyon Public Key
12. HP Laboratories, Bristol, UKHP Laboratories, Bristol, UKPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)
Cryptographic Algorithms basedCryptographic Algorithms based
on Public Keyon Public Key
ConsCons
• Algorithms are 100 – 1000 times slower than secret key onesAlgorithms are 100 – 1000 times slower than secret key ones
They are initially used in an initial phase of communication and thenThey are initially used in an initial phase of communication and then
secrets keys are generated to deal with encryptionssecrets keys are generated to deal with encryptions
• How are Public keys made available to the other people?How are Public keys made available to the other people?
• There is still a problem ofThere is still a problem of AuthenticationAuthentication!!!!!!
Who ensures that the owner of a key pair is really the person whoseWho ensures that the owner of a key pair is really the person whose
real life name is “Alice”?real life name is “Alice”?
IntranetIntranet
ExtranetExtranet
InternetInternet
AliceAliceBobBob
Moving towards PKI …Moving towards PKI …
13. HP Laboratories, Bristol, UKHP Laboratories, Bristol, UKPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)
Digital SignatureDigital Signature
14. HP Laboratories, Bristol, UKHP Laboratories, Bristol, UKPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)
Digital SignatureDigital Signature
A Digital Signature is a data item that vouches the originA Digital Signature is a data item that vouches the origin
and the integrity of a Messageand the integrity of a Message
• The originator of a message uses a signing key (Private Key) to sign theThe originator of a message uses a signing key (Private Key) to sign the
message and send the message and its digital signature to a recipientmessage and send the message and its digital signature to a recipient
• The recipient uses a verification key (Public Key) to verify the origin ofThe recipient uses a verification key (Public Key) to verify the origin of
the message and that it has not been tampered with while in transitthe message and that it has not been tampered with while in transit
IntranetIntranet
ExtranetExtranet
InternetInternet
AliceAliceBobBob
15. HP Laboratories, Bristol, UKHP Laboratories, Bristol, UKPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)
Digital SignatureDigital Signature
Hash FunctionHash Function
MessageMessage
SignatureSignature
Private KeyPrivate Key EncryptionEncryption
DigestDigest
MessageMessage
DecryptionDecryption
Public KeyPublic Key
ExpectedExpected
DigestDigest
ActualActual
DigestDigest
Hash FunctionHash Function
SignerSigner ReceiverReceiverChannelChannel
DigestDigest
AlgorithmAlgorithm
DigestDigest
AlgorithmAlgorithm
16. HP Laboratories, Bristol, UKHP Laboratories, Bristol, UKPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)
Digital SignatureDigital Signature
There is still a problem linked to theThere is still a problem linked to the
““Real Identity”Real Identity” of the Signer.of the Signer.
Why should I trust what the Sender claims to be?Why should I trust what the Sender claims to be?
Moving towards PKI …Moving towards PKI …
17. HP Laboratories, Bristol, UKHP Laboratories, Bristol, UKPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)
Digital CertificateDigital Certificate
18. HP Laboratories, Bristol, UKHP Laboratories, Bristol, UKPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)
Digital CertificateDigital Certificate
A Digital Certificate is a binding between an entity’sA Digital Certificate is a binding between an entity’s
Public Key and one or more Attributes relating its Identity.Public Key and one or more Attributes relating its Identity.
• The entity can be a Person, an Hardware Component, a Service, etc.The entity can be a Person, an Hardware Component, a Service, etc.
• A Digital Certificate is issued (and signed) by someoneA Digital Certificate is issued (and signed) by someone
• A self-signed certificate usually is not very trustworthyA self-signed certificate usually is not very trustworthy
-- Usually the issuer is a Trusted Third PartyUsually the issuer is a Trusted Third Party
19. HP Laboratories, Bristol, UKHP Laboratories, Bristol, UKPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)
CERTIFICATE
Digital CertificateDigital Certificate
IssuerIssuer
SubjectSubject
IssuerIssuer
DigitalDigital
SignatureSignature
Subject Public KeySubject Public Key
20. HP Laboratories, Bristol, UKHP Laboratories, Bristol, UKPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)
Digital CertificateDigital Certificate
• How are Digital Certificates Issued?How are Digital Certificates Issued?
• Who is issuing them?Who is issuing them?
• Why should I Trust the Certificate Issuer?Why should I Trust the Certificate Issuer?
• How can I check if a Certificate is valid?How can I check if a Certificate is valid?
• How can I revoke a Certificate?How can I revoke a Certificate?
• Who is revoking Certificates?Who is revoking Certificates?
ProblemsProblems
Moving towards PKI …Moving towards PKI …
21. HP Laboratories, Bristol, UKHP Laboratories, Bristol, UKPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)
Public Key InfrastructurePublic Key Infrastructure
(PKI)(PKI)
22. HP Laboratories, Bristol, UKHP Laboratories, Bristol, UKPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)
Public Key InfrastructurePublic Key Infrastructure
(PKI)(PKI)
A Public Key Infrastructure is an InfrastructureA Public Key Infrastructure is an Infrastructure
to support and manage Public Key-basedto support and manage Public Key-based
Digital CertificatesDigital Certificates
23. HP Laboratories, Bristol, UKHP Laboratories, Bristol, UKPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)
Public Key InfrastructurePublic Key Infrastructure
(PKI)(PKI)
““A PKI is a set of agreed-upon standards, CertificationA PKI is a set of agreed-upon standards, Certification
Authorities (CA), structure between multiple CAs,Authorities (CA), structure between multiple CAs,
methods to discover and validate Certification Paths,methods to discover and validate Certification Paths,
Operational Protocols, Management Protocols,Operational Protocols, Management Protocols,
Interoperable Tools and supporting Legislation”Interoperable Tools and supporting Legislation”
““Digital Certificates” book – Jalal Feghhi, Jalil Feghhi, Peter WilliamsDigital Certificates” book – Jalal Feghhi, Jalil Feghhi, Peter Williams
24. HP Laboratories, Bristol, UKHP Laboratories, Bristol, UKPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)
Public Key InfrastructurePublic Key Infrastructure
(PKI)(PKI)
Focus on:Focus on:
• X509 PKIX509 PKI
• X509 Digital CertificatesX509 Digital Certificates
Standards defined by IETF, PKIX WG:Standards defined by IETF, PKIX WG:
http://www.ietf.org/http://www.ietf.org/
…… even if X509 is not the only approach (e.g. SPKI)even if X509 is not the only approach (e.g. SPKI)
25. HP Laboratories, Bristol, UKHP Laboratories, Bristol, UKPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)
X509 PKI – Technical ViewX509 PKI – Technical View
Basic Components:Basic Components:
• Certificate Authority (CA)Certificate Authority (CA)
• Registration Authority (RA)Registration Authority (RA)
• Certificate Distribution SystemCertificate Distribution System
• PKI enabled applicationsPKI enabled applications
““Consumer” SideConsumer” Side
““Provider” SideProvider” Side
29. HP Laboratories, Bristol, UKHP Laboratories, Bristol, UKPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)
X509 PKIX509 PKI
Certificate Distribution SystemCertificate Distribution System
Provide Repository for:Provide Repository for:
• Digital CertificatesDigital Certificates
• Certificate Revocation Lists (CRLs)Certificate Revocation Lists (CRLs)
Typically:Typically:
• Special Purposes DatabasesSpecial Purposes Databases
• LDAP directoriesLDAP directories
30. HP Laboratories, Bristol, UKHP Laboratories, Bristol, UKPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)
Certificate Revocation List
Revoked CertificatesRevoked Certificates
remain in CRLremain in CRL
until they expireuntil they expire
Certificate Revocation ListCertificate Revocation List
31. HP Laboratories, Bristol, UKHP Laboratories, Bristol, UKPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)
Certificate Revocation List (CRL)Certificate Revocation List (CRL)
• CRLs are published by CAs at well definedCRLs are published by CAs at well defined
interval of timeinterval of time
• It is a responsibility of “Users” of certificates toIt is a responsibility of “Users” of certificates to
““download” a CRL and verify if a certificate hasdownload” a CRL and verify if a certificate has
been revokedbeen revoked
• User application must deal with the revocationUser application must deal with the revocation
processesprocesses
32. HP Laboratories, Bristol, UKHP Laboratories, Bristol, UKPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)
Online Certificate Status ProtocolOnline Certificate Status Protocol
(OCSP)(OCSP)
• An alternative to CRLsAn alternative to CRLs
• IETF/PKIX standard for a real-time check if aIETF/PKIX standard for a real-time check if a
certificate has been revoked/suspendedcertificate has been revoked/suspended
• Requires a high availability OCSP ServerRequires a high availability OCSP Server
33. HP Laboratories, Bristol, UKHP Laboratories, Bristol, UKPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)
CRL vs OCSP ServerCRL vs OCSP Server
UserUser CACA
CRLCRL
DirectoryDirectory
Download CRLDownload CRL
CRLCRL
UserUser CACA
CRLCRL
DirectoryDirectory
DownloadDownload
CRLCRL
Certificate IDsCertificate IDs
to be checkedto be checked
Answer aboutAnswer about
Certificate StatesCertificate States
OCSPOCSP
ServerServer
OCSPOCSP
34. HP Laboratories, Bristol, UKHP Laboratories, Bristol, UKPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)
X509 PKIX509 PKI
PKI-enabled ApplicationsPKI-enabled Applications
Functionality Required:Functionality Required:
• Cryptographic functionalityCryptographic functionality
• Secure storage of Personal InformationSecure storage of Personal Information
• Digital Certificate HandlingDigital Certificate Handling
• Directory AccessDirectory Access
• Communication FacilitiesCommunication Facilities
35. HP Laboratories, Bristol, UKHP Laboratories, Bristol, UKPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)
X509 PKIX509 PKI
Trust and Legal IssuesTrust and Legal Issues
36. HP Laboratories, Bristol, UKHP Laboratories, Bristol, UKPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)
X509 PKIX509 PKI
Trust and Legal IssuesTrust and Legal Issues
• Why should I Trust a CA?Why should I Trust a CA?
• How can I determine the liability of a CA?How can I determine the liability of a CA?
37. HP Laboratories, Bristol, UKHP Laboratories, Bristol, UKPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)
X509 PKIX509 PKI
Approaches to Trust andApproaches to Trust and
Legal AspectsLegal Aspects
• Why should I Trust a CA?Why should I Trust a CA?
• How can I determine the liability of a CA?How can I determine the liability of a CA?
Certificate Hierarchies, Cross-CertificationCertificate Hierarchies, Cross-Certification
Certificate Policies (CP) and Certificate PolicyCertificate Policies (CP) and Certificate Policy
Statement (CPS)Statement (CPS)
38. HP Laboratories, Bristol, UKHP Laboratories, Bristol, UKPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)
X509 PKIX509 PKI
Approach to TrustApproach to Trust
Certificate HierarchiesCertificate Hierarchies
andand
Cross-CertificationCross-Certification
39. HP Laboratories, Bristol, UKHP Laboratories, Bristol, UKPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)
Try to reflectTry to reflect
Real world Trust ModelsReal world Trust Models
CA CA
CA
RA RA
CA
RA
LRALRA
CA
CA
RA
CA
CA
RA RA
Directory
Services
InternetInternet
InternetInternet
CA Technology EvolutionCA Technology Evolution
40. HP Laboratories, Bristol, UKHP Laboratories, Bristol, UKPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)
Each entity has its own certificate (and may
have more than one). The root CA’s certificate
is self signed and each sub-CA is signed by its
parent CA.
Each CA may also issue CRLs. In particular
the lowest level CAs issue CRLs frequently.
End entities need to “find” a certificate path to
a CA that they trust.
Simple Certificate HierarchySimple Certificate Hierarchy
Root CARoot CA
Sub-CAsSub-CAs
End EntitiesEnd Entities
41. HP Laboratories, Bristol, UKHP Laboratories, Bristol, UKPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)
Alice Bob
Simple Certificate PathSimple Certificate Path
Alice trusts the root CAAlice trusts the root CA
Bob sends a message to AliceBob sends a message to Alice
Alice needs Bob’s certificate, the certificate ofAlice needs Bob’s certificate, the certificate of
the CA that signed Bob’s certificate, and so onthe CA that signed Bob’s certificate, and so on
up to the root CA’s self signed certificate.up to the root CA’s self signed certificate.
Alice also needs each CRL for each CA.Alice also needs each CRL for each CA.
Only then can Alice verify that Bob’s certificateOnly then can Alice verify that Bob’s certificate
is valid and trusted and so verify the Bob’sis valid and trusted and so verify the Bob’s
signature.signature.
TrustedTrusted
RootRoot
43. HP Laboratories, Bristol, UKHP Laboratories, Bristol, UKPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)
Things are getting more and moreThings are getting more and more
complex if Hierarchies andcomplex if Hierarchies and
Cross-Certifications are usedCross-Certifications are used
X509 PKIX509 PKI
Approach to Trust : ProblemsApproach to Trust : Problems
45. HP Laboratories, Bristol, UKHP Laboratories, Bristol, UKPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)
X509 PKIX509 PKI
Approach to Legal AspectsApproach to Legal Aspects
Certificate PolicyCertificate Policy
AndAnd
Certificate Practice StatementCertificate Practice Statement
46. HP Laboratories, Bristol, UKHP Laboratories, Bristol, UKPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)
Certificate Policy (CP)Certificate Policy (CP)
• A document that sets out the rights, duties andA document that sets out the rights, duties and
obligations of each party in a Public Keyobligations of each party in a Public Key
InfrastructureInfrastructure
• The Certificate Policy (CP) is a document whichThe Certificate Policy (CP) is a document which
usually has legal effectusually has legal effect
• A CP is usually publicly exposed by CAs, forA CP is usually publicly exposed by CAs, for
example on a Web Site (VeriSign, etc.)example on a Web Site (VeriSign, etc.)
49. HP Laboratories, Bristol, UKHP Laboratories, Bristol, UKPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)
Certificate Policy StatementCertificate Policy Statement
(CPS)(CPS)
• A document that sets out what happens in practiceA document that sets out what happens in practice
to support the policy statements made in the CPto support the policy statements made in the CP
in a PKIin a PKI
• The Certificate Practice Statement (CPS) is aThe Certificate Practice Statement (CPS) is a
document which may have legal effect in limiteddocument which may have legal effect in limited
circumstancescircumstances
52. HP Laboratories, Bristol, UKHP Laboratories, Bristol, UKPublic Key Infrastructure (PKI)Public Key Infrastructure (PKI)
Identity is Not Enough:Identity is Not Enough:
Attribute CertificatesAttribute Certificates
IETF (PKIX WG) is also defining standards for AttributeIETF (PKIX WG) is also defining standards for Attribute
Certificates (ACs):Certificates (ACs):
• Visa Card (Attribute) vs. Passport (Identity)Visa Card (Attribute) vs. Passport (Identity)
• Attribute Certificates specify Attributes associatedAttribute Certificates specify Attributes associated
to an Identityto an Identity
• Attribute Certificates don’t contain a Public keyAttribute Certificates don’t contain a Public key
but a link to an Identity Certificatebut a link to an Identity Certificate