Public Key Infrastructure
Module-2
Components and architecture of a fully functional Public Key Infrastructure (PKI):
Certification authority, Certificate repository, Certificate revocation, Key backup and
recovery, Automatic key update, Key history management, Cross-certification, Support for
non-repudiation, Time stamping, Client software, Core PKI Services, PKI-Enabled Services,
PKI interoperability, deployment and assessment. PKI data structures. PKI architectures:
Single CA, Hierarchical PKI, Mesh PKI, Trust Lists, Bridge Certification Authority (CA),
Registration Authority (RA), Simple PKI (SPKI). PKI application: Smart card integration
with PKIs.
Public-Key Infrastructure Defined
• A PKI is the basis of a pervasive security infrastructure whose services
are implemented and delivered using public-key concepts and
techniques.
Certification Authority
Certificate Repository
Certificate Revocation
Key Backup and Recovery
Automatic Key Update
Key History
Cross-Certification
Support for Non-repudiation
Time Stamping
• PKI, or public key infrastructure,
encompasses everything used to establish
and manage public key encryption.
• This includes software, hardware, policies,
and procedures that are used to create,
distribute, manage, store, and revoke digital
certificates.
• A digital certificate cryptographically links a
public key with the device or user who owns
it.
• This helps to authenticate users and devices
and ensure secure digital communications.
• PKI underpins most encryption on the internet:
it is what lets a browser authenticate a web
server before the TLS session between them is
encrypted.
• It can also be used to secure access to
connected devices and internal
communications within an organization.
• Public key infrastructure has a long history of
securing and authenticating digital
communications with two main goals: to ensure
the privacy of the message being sent and to
verify that the sender is who they claim to be.
What is public key
infrastructure (PKI)?
• Public key infrastructure is an important aspect of
internet security.
• It is the set of technology and processes that make
up a framework of encryption to protect and
authenticate digital communications.
• PKI uses cryptographic public keys that are
connected to a digital certificate, which
authenticates the device or user sending the digital
communication.
• Digital certificates are issued by a trusted source,
a certificate authority (CA), and act as a type of
digital passport to ensure that the sender is who
they say they are.
• Public key infrastructure protects and
authenticates communications between
servers and users, such as between your
website (hosted on your web server) and
your clients (the user trying to connect
through their browser).
• It can also be used for secure
communications within an organization
to ensure that the messages are only
visible to the sender and recipient, and
they have not been tampered with in
• The main components of public key
infrastructure include the following:
• Certificate authority (CA): The CA is a
trusted entity that issues and signs digital
certificates. The CA signs each certificate with
its own private key and publishes its own
certificate (carrying its public key) so that
anyone can verify those signatures.
• Registration authority (RA): The RA
verifies the identity of the user or device
requesting the digital certificate. This can be a
third party, or the CA can also act as the RA.
• Certificate database: This database stores the
issued certificates and their metadata, which
includes how long each certificate is valid.
• Central directory: The repository where
certificates (and public keys) are indexed for
retrieval. Private keys do not belong here; if
decryption keys are escrowed at all, that is the
job of the key backup facility.
• Certificate management system: This is the
system for managing the delivery of certificates
as well as access to them.
• Certificate policy: This policy outlines the
procedures of the PKI. It can be used by
outsiders to determine the PKI’s trustworthiness.
Understanding how PKI
works
• Public key infrastructure uses asymmetric
encryption methods to ensure that messages
remain private and also to authenticate the
device or user sending the transmission.
• Asymmetric encryption involves the use of a
key pair: a public key and a private key. A
cryptographic key is a long string of bits that
parameterises an encryption or signature
algorithm.
• The public key can be given to anyone. A
trusted certificate authority does not issue the
public key itself; it issues a certificate that
vouches for the binding between the public key
and its owner. Anyone holding the public key can
encrypt a message that only the owner can read,
and can verify a signature that only the owner
could have produced.
Understanding how PKI
works
• The second component of the key pair is the
private, or secret, key.
• This key is kept private by its owner. It is used
to decrypt messages encrypted to the matching
public key and to sign messages that others
verify with that public key.
• Key-pair generation, encryption, decryption,
signing, and verification are performed by
asymmetric algorithms such as RSA and
elliptic-curve schemes; the keys are inputs to
those algorithms, not things that are themselves
encrypted.
• So for confidentiality the sender encrypts with
the recipient's public key and only the recipient's
private key can open the message; for
authentication the sender signs with its own
private key and anyone with the sender's public
key can verify who sent it.
PKI certificates
• The core of a public key infrastructure is trust. It
is important for a recipient entity to know
without a doubt that the party presenting a
certificate is exactly who they claim to be.
• Trusted third-party CAs can vouch for the sender
and help to prove that they are indeed who they
say they are. Digital certificates are used to
verify digital identities.
• Digital certificates are also called PKI
certificates or X.509 certificates. A PKI
certificate offers proof of identity to a
requesting entity, which is verified by a third
party and works like a digital passport or
driver’s license.
The PKI certificate will contain at least the
following:
• Serial number (unique within the issuing CA; this
is how revocation lists refer to the certificate)
• Distinguished name (DN) of the owner
• Owner’s public key
• Date of issuance
• Expiration date
• DN of the issuing CA
• Issuing CA’s digital signature
Why is PKI used?
• One of the most common uses of PKI is
TLS/SSL (transport layer security / secure
sockets layer), which protects HTTP (hypertext
transfer protocol) traffic as HTTPS.
• Website owners will obtain a digital certificate
from a trusted CA. To be issued a certificate,
the owner of the website has to prove to the CA
that they control the domain name.
• Once verified, the website owner installs the
certificate on the web server. Presenting it in the
TLS handshake, together with proof of possession
of the matching private key, tells the browser that
this is the legitimate website it is trying to reach.
• The TLS/SSL protocol relies on a chain of
trust, where the user has to trust the
root certificate authority at the top of the chain.
• An alternative scheme is the web of trust (used
by PGP), which has no central authority: each
user signs the keys of people they have verified,
and a key is trusted if enough trusted users have
vouched for it.
• Web of trust is often used in smaller
communities of users, such as within an
organization’s self-contained network.
Uses for PKI
• Email encryption and authentication of the sender
• Signing documents and software
• Using database servers to secure internal
communications
• Securing web communications, such as e-commerce
• Authentication and encryption of documents
• Securing local networks and smart card
authentication
• Encrypting and decrypting files
• Restricted access to VPNs and enterprise intranets
• Secure communication between mutually trusted
devices such as IoT (internet of things) devices
Open-source PKI software
• EJBCA: Developed in Java as an
enterprise-grade and fully featured CA
implementation, it can be run as a CA service
or for internal use.
• OpenSSL: A commercial-grade, full-featured
toolkit, included in all major Linux
distributions and developed in C. It can PKI-
enable applications and be used to build a
simple CA.
• CFSSL: Cloudflare’s PKI/TLS toolkit, written
in Go, for signing, verifying, and bundling TLS
certificates and building custom TLS PKI tools.
• XiPKI: A high-performance and highly
scalable CA and OCSP responder, this is
implemented in Java with SHA-3 support.
• Dogtag Certificate System: This is an
enterprise-class, full-featured CA
supporting all aspects of certificate
lifecycle management.
Challenges that a PKI
Solves:
PKI owes its popularity to the various
problems it solves. Some use cases of PKI
are:
• Securing web browsers and communicating
networks with SSL/TLS certificates.
• Maintaining access rights over intranets
and VPNs.
• Data encryption
• Digitally signed software
• Wi-Fi access without passwords
(certificate-based EAP-TLS)
Here are two industries that are using PKI for IoT
devices:
• Auto manufacturers: Cars these days have features
like GPS, call for services, assistants, etc. These
require communication paths over which a lot of data is
passed. Securing these connections is very
important to keep malicious parties from hacking into the
cars. This is where PKI comes in.
• Medical device manufacturers: Devices like
surgical robots require high security. Also, the FDA
mandates that any next-generation medical device
must be updatable so that bugs can be removed and
security issues can be dealt with. PKI is used to issue
certificates to such devices.
• End entity: A generic term used to denote end users,
devices (e.g., servers, routers), or any other entity that
can be identified in the subject field of a public key
certificate. End entities typically consume and/or
support PKI-related services.
• Certification authority (CA): The issuer of certificates
and (usually) certificate revocation lists (CRLs).
• It may also support a variety of administrative
functions, although these are often delegated to one or
more Registration Authorities.
• Registration authority (RA): An optional component that
can assume a number of administrative functions from the
CA. The RA is often associated with the end entity
registration process but can assist in a number of other
areas as well.
• CRL issuer: An optional component to which a CA can delegate
the publication of CRLs.
• Repository: A generic term used to denote any method for
storing certificates and CRLs so that they can be retrieved by
end entities.
• Registration: This is the process whereby a user first makes itself known to a
CA (directly or through an RA), prior to that CA issuing a certificate or
certificates for that user.
• Registration begins the process of enrolling in a PKI. Registration usually
involves some offline or online procedure for mutual authentication.
Typically, the end entity is issued one or more shared secret keys used for
subsequent authentication.
• Initialization: Before a client system can operate securely, it is necessary to
install key materials that have the appropriate relationship with keys stored
elsewhere in the infrastructure. For example, the client needs to be securely
initialized with the public key and other assured information of the trusted
CA(s), to be used in validating certificate paths.
• Certification: This is the process in which a CA issues a certificate for a user’s
public key, returns that certificate to the user’s client system, and/or posts that
certificate in a repository.
• Key pair recovery: Key pairs can be used to support digital signature creation
and verification, encryption and decryption, or both.
• When a key pair is used for encryption/decryption, it is important to provide
a mechanism to recover the necessary decryption keys when normal access to the
keying material is no longer possible; otherwise it will not be possible to
recover the encrypted data.
• Loss of access to the decryption key can result from forgotten passwords/PINs,
corrupted disk drives, damage to hardware tokens, and so on. Key pair recovery
allows end entities to restore their encryption/decryption key pair from an
authorized key backup facility (typically, the CA that issued the end entity’s
certificate). Signing keys are deliberately not backed up: a copy of a signing
key held by anyone else would undermine non-repudiation.
• Key pair update: All key pairs need to be updated regularly (i.e.,
replaced with a new key pair) and new certificates issued. Update is
required when the certificate lifetime expires and as a result of
certificate revocation.
• Revocation request: An authorized person advises a CA of an
abnormal situation requiring certificate revocation. Reasons for
revocation include private-key compromise, change in affiliation, and
name change.
• Cross certification: Two CAs exchange information used in
establishing a cross-certificate. A cross-certificate is a certificate
issued by one CA to another CA that contains a CA signature key used
for issuing certificates.
Key/Certificate Life-Cycle Management
Certification Authority
• The role of a Certification Authority (CA), in PKI terminology, is to
certify the key pair/identity binding by digitally signing a
data structure that contains some representation of the
identity and a corresponding public key.
• This data structure is called a public-key certificate (or, more
simply, a certificate).
Certification Authority -Scenario
• For example, when George wants to send a
confidential message to Lisa, whom he has not met
previously, he will somehow be able to associate a
public key with Lisa so that he can encrypt the
message for her.
• With a potential user population of hundreds of
thousands or millions of entities, the most practical
way to achieve this is to appoint a relatively small
number of authorities.
• These authorities are trusted by a large segment of
the population or, perhaps, the entire population to
perform the function of binding a public key pair to
a given identity.
Certificate Repository
• A CA solves only part of the problem mentioned in the previous
section (that is, that George needs to associate a public key with
Lisa in order to encrypt data for her).
• The certificate issued by the CA associates a public key with
Lisa's identity; unless George is able to locate this certificate
easily, however, he is effectively no further ahead than if the
certificate had never been created.
• Some sort of robust, scalable, on-line repository system must be
in place for George to locate the certificates he needs to
communicate securely. A certificate repository therefore forms a
part of our expanded PKI definition; a large PKI would be useless
without it.
• For a discussion regarding various repository technologies and
choices (including X.500, LDAP, Web servers, FTP servers, DNS,
corporate databases
Certificate Revocation
• Sometimes the binding between a public key and an identity must
be broken before the certificate expires (for example, the private
key was compromised or the holder left the organization): it is
no longer acceptable to use this public key for that identity, and
relying parties must be told. This alerting mechanism in a PKI is
called Certificate Revocation.
• An analogy for PKI Certificate Revocation may be drawn as
follows. A driver's license is a form of certificate: a binding of an
identity (name and picture) to a driver's license number (that is,
a permission to drive) by a trusted authority.
• When a police officer pulls over a car, the officer does not simply
check the expiration date on the license of the driver; he or she
also calls an authority to see if the license has been revoked. A
revocation check is necessary because sometimes
circumstances dictate that the identity/permission binding
present in the (unexpired) certificate should no longer be
trusted.
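A worked example, added here and not part of the original slides, of the chain of trust from the TLS section and of the revocation check in this section. It uses Go's standard-library crypto/x509 (Go is also the language CFSSL is written in) to build a hypothetical three-tier chain, validate the server certificate as a browser would, and then have the issuing CA publish a CRL that names the server certificate's serial number. Every name in it (Demo Root CA, Demo Issuing CA, www.example.test) is made up, and the validity periods are chosen so the example runs on any date.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// demoPKI is a hypothetical three-tier chain: offline root, issuing CA, server certificate.
type demoPKI struct {
	Root, Inter, Leaf *x509.Certificate
	interKey          *ecdsa.PrivateKey // the issuing CA also signs its own CRL
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// template carries the fields the slides list (subject DN, validity period, key usage);
// the serial number is how the CRL will later refer to the certificate.
func template(cn string, serial int64, ca bool) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: ca, DNSNames: []string{cn},
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	if ca { // a CA certificate signs certificates and CRLs and carries no server name
		t.KeyUsage, t.ExtKeyUsage, t.DNSNames = x509.KeyUsageCertSign|x509.KeyUsageCRLSign, nil, nil
	}
	return t
}

// mustIssue is the certification step: generate a key pair and have the parent sign
// a certificate over its public key (the root, having no parent, signs itself).
func mustIssue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

func buildPKI() *demoPKI {
	root, rootKey := mustIssue(template("Demo Root CA", 1, true), nil, nil)
	inter, interKey := mustIssue(template("Demo Issuing CA", 2, true), root, rootKey)
	leaf, _ := mustIssue(template("www.example.test", 1001, false), inter, interKey)
	return &demoPKI{Root: root, Inter: inter, Leaf: leaf, interKey: interKey}
}

// verifyChain is the relying party's path validation: leaf -> intermediate -> a root
// the client was initialised to trust, plus a check that the name matches.
func verifyChain(p *demoPKI, trustRoot bool, host string) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	if trustRoot {
		roots.AddCert(p.Root)
	}
	inters.AddCert(p.Inter)
	_, err := p.Leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, DNSName: host})
	return err
}

// issueCRL has the issuing CA sign the list of serial numbers it no longer vouches for.
func issueCRL(p *demoPKI, revoked ...*x509.Certificate) ([]byte, error) {
	tmpl := &x509.RevocationList{Number: big.NewInt(1),
		ThisUpdate: time.Now().Add(-time.Minute), NextUpdate: time.Now().Add(12 * time.Hour)}
	for _, c := range revoked {
		tmpl.RevokedCertificates = append(tmpl.RevokedCertificates,
			pkix.RevokedCertificate{SerialNumber: c.SerialNumber, RevocationTime: time.Now()})
	}
	return x509.CreateRevocationList(rand.Reader, tmpl, p.Inter, p.interKey)
}

// isRevoked is the "call the authority" step: accept the CRL only if the issuing CA
// signed it and it is still fresh, then look for the certificate's serial number.
func isRevoked(crlDER []byte, issuer, cert *x509.Certificate) (bool, error) {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return false, err
	}
	if err := crl.CheckSignatureFrom(issuer); err != nil {
		return false, err
	}
	if time.Now().After(crl.NextUpdate) {
		return false, errors.New("CRL is stale; fetch a fresh one before deciding")
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	p := buildPKI()
	fmt.Println("trusted root, matching name:", verifyChain(p, true, "www.example.test"))
	fmt.Println("client without the root:    ", verifyChain(p, false, "www.example.test"))
	fmt.Println("name not in certificate:    ", verifyChain(p, true, "other.example.test"))
	crl := must(issueCRL(p, p.Leaf))
	fmt.Println(isRevoked(crl, p.Inter, p.Leaf)) // true <nil>
	// Path validation alone never consults the CRL: this still succeeds after revocation.
	fmt.Println("Verify() after revocation:  ", verifyChain(p, true, "www.example.test"))
}
```

Two points the output makes. A client that was never initialised with the root (verifyChain with trustRoot false) gets "certificate signed by unknown authority" even though the chain is internally consistent: trust anchors have to be installed, not discovered. And Verify succeeds again after the CRL is issued, because path validation checks signatures, names, constraints and validity periods only; the CRL (or an OCSP response) is a separate lookup the application has to make, and isRevoked refuses a CRL that the issuing CA did not sign or that is past its NextUpdate, since a stale or forged CRL is how an attacker hides a revocation.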
Key Backup and Recovery
• In any given operational PKI environment, some percentage of
users may be expected to lose the use of their private key each
fixed time period (for example, each month or each year).
• This may be due to numerous situations, including the following:
• Forgotten passwords: A given user's encrypted private key is still
physically there but inaccessible.
• Destruction of a medium: A hard disk crashes, or a smart card
breaks.
• Replacement of a medium: An operating system is reloaded.
• One solution to this problem is to encrypt all data for multiple
recipients, but this may not always be practical (for example, for
highly sensitive data). A much more practical and commonly
accepted solution is to implement backup and recovery of
private decryption keys
Automatic Key Update
• A certificate has a finite lifetime. This may be for theoretical
reasons, such as the current state of knowledge in cryptanalysis
with respect to asymmetric algorithms and key lengths.
• Alternatively, it may be for reasons based on practical
estimations, such as limiting the amount of data typically
protected by a single key to a certain number of megabytes.
• Whatever the reason, however, in many PKI environments, a
given certificate will need to "expire" and be replaced with a
new certificate. This procedure is called a key update or a
certificate update.
• The solution is to implement the PKI in such a way that key or
certificate update is handled in a totally automated way by the
PKI itself, with no user intervention whatsoever.
• Whenever the user's certificate is about to be used for any
purpose, its validity period is checked. When the expiration date
is approaching, a renewal operation occurs, and a new
certificate is generated. Then, the new certificate is used in
place of the old, and the user-requested transaction continues.
Key History
• The concept of key update, whether manual or automatic,
implies that, over the course of time, a given user will have
multiple "old" certificates and at least one "current“ certificate.
• This collection of certificates and corresponding private keys is
known as the user's key history (perhaps more properly called
key and certificate history, but typically the shorter name is
used).
• Like key update, the management of key histories must be
automatic and totally handled by the PKI.
• The PKI must hold on to all the keys in the history, perform
backup and recovery where appropriate, and find the
appropriate key that corresponds to any protected data.
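An added example (not from the slides) of what "find the appropriate key that corresponds to any protected data" amounts to in code. Each ciphertext carries the identifier of the public key it was encrypted to (a hash of the key's DER encoding, the same idea as an X.509 SubjectKeyIdentifier), and the key history is a map from that identifier to the private key. After a key update, data encrypted under the old key is still readable; a history that discards the old key cannot read it. The plaintext is encrypted directly with RSA-OAEP to keep the example short; real formats such as S/MIME use the public key to wrap a symmetric content key, and the lookup works the same way. The messages are constructed for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"errors"
	"fmt"
)

// keyID names a public key by hashing its DER SubjectPublicKeyInfo, the same
// idea as an X.509 SubjectKeyIdentifier. It travels with every ciphertext so
// the matching private key can be found in the history later.
func keyID(pub *rsa.PublicKey) string {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		panic(err) // cannot happen for a well-formed RSA key
	}
	sum := sha256.Sum256(der)
	return hex.EncodeToString(sum[:8])
}

// Envelope is a protected object: which key it was encrypted to, and the ciphertext.
type Envelope struct {
	KeyID      string
	Ciphertext []byte
}

// KeyHistory is one user's key history: every decryption key ever issued,
// indexed by identifier, plus which of them is current.
type KeyHistory struct {
	current string
	keys    map[string]*rsa.PrivateKey
}

func NewKeyHistory() (*KeyHistory, error) {
	h := &KeyHistory{keys: map[string]*rsa.PrivateKey{}}
	return h, h.Update()
}

// Update is the key-update step: a new pair becomes current; the old one is kept.
func (h *KeyHistory) Update() error {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return err
	}
	h.current = keyID(&k.PublicKey)
	h.keys[h.current] = k
	return nil
}

func (h *KeyHistory) CurrentPublic() *rsa.PublicKey { return &h.keys[h.current].PublicKey }

// Drop simulates a deployment that throws the old key away on update.
func (h *KeyHistory) Drop(id string) { delete(h.keys, id) }

// Seal encrypts plaintext to pub with RSA-OAEP (fine for a short message or a
// content key). The key identifier is the OAEP label, so an envelope whose
// KeyID has been swapped fails to decrypt instead of yielding garbage.
func Seal(pub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	id := keyID(pub)
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plaintext, []byte(id))
	if err != nil {
		return nil, err
	}
	return &Envelope{KeyID: id, Ciphertext: ct}, nil
}

// Open finds the key named in the envelope in this user's history and decrypts.
func (h *KeyHistory) Open(env *Envelope) ([]byte, error) {
	priv, ok := h.keys[env.KeyID]
	if !ok {
		return nil, errors.New("key " + env.KeyID + " is not in this user's key history")
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.Ciphertext, []byte(env.KeyID))
}

func main() {
	h, err := NewKeyHistory()
	if err != nil {
		panic(err)
	}
	oldID := keyID(h.CurrentPublic())
	archived, _ := Seal(h.CurrentPublic(), []byte("constructed sample: filed under last year's key"))
	_ = h.Update() // automatic key update; the retired key stays in the history
	recent, _ := Seal(h.CurrentPublic(), []byte("constructed sample: filed under the current key"))
	for _, e := range []*Envelope{archived, recent} {
		pt, err := h.Open(e)
		fmt.Printf("key %s: %q %v\n", e.KeyID, pt, err)
	}
	h.Drop(oldID) // what happens when the history is not preserved
	_, err = h.Open(archived)
	fmt.Println("old data after losing the old key:", err)
}
```

The lookup is the whole point: nothing in the ciphertext says "use the current key", it says which key, and the PKI's job is to still have that key (backed up and recoverable) for as long as data encrypted under it matters.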
Cross-Certification
• The concept of cross-certification has arisen in the PKI environment to
deal with precisely this need for forming trust relationships between
formerly unrelated PKI installations.
• In the absence of a single, global PKI, cross-certification is an
accepted mechanism for enabling users of one PKI community to validate
the certificates of users in another PKI community.
• In a business setting, the need to interconnect PKIs can arise as a
result of mergers, acquisitions, addition of new partners and
suppliers, and so on.
• Without a mechanism for smooth, controlled PKI interconnection,
radical and highly disruptive changes would have to occur in the
environment, such as revoking all certificates in the acquired
company and issuing new ones from the acquiring company.
Support for Non-repudiation
• PKI must provide support for avoiding or preventing repudiation,
a property known as non-repudiation.
• A PKI cannot by itself provide true or full non-repudiation;
typically, a human element is needed to apply discretion and
judgment in weighing the evidence and to provide the final
decision.
• However, the PKI must support this process by providing some
of the technical evidence required, such as data origin
authentication and a trusted attestation of the time the data
was signed
• One critical element in the support for non-repudiation services
is the use of secure time stamping within the PKI.
• That is, the time source must be trusted, and the time value
must be securely conveyed. There must be an authoritative
source of time that a collection of PKI users will trust.
• The authoritative source of time for the PKI (that is, the secure
time-stamping server whose certificate is verifiable by the
relevant community of PKI users) need not exist solely for the
purposes of non-repudiation;
• Support for non-repudiation services will perhaps be the primary
driver for proper time stamping in many environments. In any
case, time stamping forms part of our extended PKI definition.
Client Software
• A PKI may be viewed, at least at some level, as a collection of PKI
servers that will "do things" for a user, such as the following:
The CA will provide certification services.
• The repository will hold certificates and revocation information.
• The backup and recovery server will enable the proper management
of key histories.
• The time-stamping server will associate authoritative time
information with
documents.
But,
• Client software is an essential component of a full-featured, fully
operational PKI.
• Without it, the many services offered by the PKI are effectively not
useful, because nothing is available to enable them or to make use of
them.
Client software
• It is important to note that the necessity of client-side software
implies nothing about the size or permanence of that software. In
particular, the client-side component of the PKI may be big or little,
ephemeral or long term; that is, it can be
• Quite large (the "fat client"), performing much of the PKI operational
processing such as certificate path processing and validation
• Quite small (the "thin client"), simply calling out to external servers
for these PKI functions
• A Java applet or similar mobile code, downloaded in real time on an
as-needed basis and then erased when the calling application (such as a
Web browser) is shut down
• A Dynamically Linked Library or similar, that resides permanently on
the client platform
Core PKI Services
• Authentication,
• Integrity,
• Confidentiality
• A PKI is generally considered to be associated with three primary
services:
• Authentication is the assurance to one entity that another entity
is who he, she, or it claims to be.
• Integrity is the assurance to an entity that data has not been
altered (intentionally or unintentionally) between "there" and
"here" or between "then“ and "now."
• Confidentiality is the assurance to an entity that no one can read
a particular piece of data except the receiver(s) explicitly
intended.
Authentication
• Authentication, the assurance that an entity is who he, she, or it
claims to be, typically finds application in two primary contexts,
entity identification and data origin identification.
• Entity identification, by itself, serves simply to identify the
specific entity involved, essentially in isolation from any other
activity that the entity might want to perform.
• For example, the process of entity identification may result in (or
unlock) a symmetric key that can subsequently be used to
decrypt a file for reading or modification or to establish a secure
communications channel with another entity.
• Data origin identification identifies a specific entity as the
source or origin of a given piece of data. This is not entity
identification in isolation, nor is it entity identification for the
explicit purpose of enabling some other activity.
Entity Identification: Local versus
Remote
• Initial entity identification to the local environment, that is, to the
entity's personal, physically proximate device with no communications to
other devices on the network
• Entity identification to a remote device, entity, or environment
• Local authentication, initial authentication of an entity to the
local environment, almost always involves the user directly and
explicitly (a password or PIN must be entered; a thumbprint scan
must be taken).
• By contrast, remote authentication, authentication of an entity
to some remote environment, may or may not involve the user
directly.
Entity Identification: Single Factor versus Multifactor
There are many ways of proving an identity. These can be divided
into four categories:
• Something you have (such as a smart card or a hardware token)
• Something you know (such as a password or a PIN)
• Something you are or something intrinsic to your body (such as
a thumbprint or a retinal scan)
· Something you do (such as your typing characteristics or
handwriting style)
• The concept of single-factor authentication is that only a single
method among the preceding options is used.
• Multifactor authentication uses more than one of the options
simultaneously during the authentication process (two-factor
uses two, three-factor uses three, and so on).
• A familiar example of two-factor authentication is the sign-on
process at an ATM in which the user inserts a magnetic-stripe
card ("something you have") and enters a PIN ("something you
know") to gain access to his or her bank account
Authentication as a PKI
Service
• The benefits in using a PKI for remote authentication can be
attractive.
• The complexity of preestablishing shared keys between
processes is eliminated, as is the security risk of transmitting
sensitive authenticating information (such as a password or a
thumbprint) over a network. Rather, public-key technology is
Integrity
• Data integrity is the assurance of nonalteration: The data (either
in transit or in storage) has not been undetectably altered.
Clearly, such assurance is essential in any kind of business or
electronic commerce environment, but it is desirable in many
other environments as well.
• A level of data integrity can be achieved by mechanisms such
as parity bits and Cyclic Redundancy Codes (CRCs). Such
techniques, however, are designed only to detect some
proportion of accidental bit errors;
• they are powerless against deliberate data manipulation by
determined adversaries whose goal is to modify the content
of the data for their own gain, because anyone can recompute
a CRC over altered data. Detecting that requires a key the
adversary does not have: a MAC or a digital signature.
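An added example, not part of the original slides, that runs the point above: the same record is protected once with a CRC-32 trailer and once with an HMAC-SHA-256 tag, and an adversary on the wire edits the amount. The CRC is a public function, so the attacker recomputes it and the frame is accepted; the HMAC needs a key the attacker does not hold, so the edit is detected. The record and key are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"hash/crc32"
)

const tagLen = sha256.Size // 32-byte HMAC-SHA-256 tag

// frameCRC appends a CRC-32 to the payload, as a link-layer frame does.
func frameCRC(payload []byte) []byte {
	var crc [4]byte
	binary.BigEndian.PutUint32(crc[:], crc32.ChecksumIEEE(payload))
	return append(append([]byte{}, payload...), crc[:]...)
}

// checkCRC reports whether the trailing CRC matches the body.
func checkCRC(frame []byte) bool {
	if len(frame) < 4 {
		return false
	}
	body, crc := frame[:len(frame)-4], frame[len(frame)-4:]
	return binary.BigEndian.Uint32(crc) == crc32.ChecksumIEEE(body)
}

// frameMAC appends an HMAC-SHA-256 tag computed under a key the adversary lacks.
func frameMAC(key, payload []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(payload)
	return m.Sum(append([]byte{}, payload...))
}

// checkMAC recomputes the tag and compares it in constant time.
func checkMAC(key, frame []byte) bool {
	if len(frame) < tagLen {
		return false
	}
	body, tag := frame[:len(frame)-tagLen], frame[len(frame)-tagLen:]
	m := hmac.New(sha256.New, key)
	m.Write(body)
	return hmac.Equal(tag, m.Sum(nil))
}

// tamper models an adversary on the wire: rewrite part of the body, then do what a
// keyless attacker can with the trailer, recompute a CRC (a public function) or
// leave a MAC as it was (it cannot be recomputed without the key).
func tamper(frame []byte, trailer int, from, to string, recomputeCRC bool) []byte {
	body := bytes.Replace(frame[:len(frame)-trailer], []byte(from), []byte(to), 1)
	if recomputeCRC {
		return frameCRC(body)
	}
	return append(body, frame[len(frame)-trailer:]...)
}

func main() {
	record := []byte("PAY 100.00 EUR TO ACCT 4242") // constructed sample record
	key := []byte("constructed demo key, not for real use")

	forged := tamper(frameCRC(record), 4, "100.00", "999.00", true)
	fmt.Printf("CRC frame still accepted after tampering: %v (%s)\n", checkCRC(forged), forged[:len(forged)-4])

	forgedMAC := tamper(frameMAC(key, record), tagLen, "100.00", "999.00", false)
	fmt.Println("MAC frame accepted after tampering:", checkMAC(key, forgedMAC))
	fmt.Println("MAC frame accepted when untouched: ", checkMAC(key, frameMAC(key, record)))
}
```

A MAC gives integrity between two parties that share the key; it cannot show a third party who produced the tag, since either party could have. That is where the PKI's digital signature comes in, which is the subject of the non-repudiation service later on.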
Confidentiality
• Confidentiality is the assurance of data privacy: No one may
read the data except for the specific entity (or entities) intended.
Confidentiality is a requirement when data is
• Stored on a medium (such as a computer hard drive) that can be
read by an unauthorized individual
• Backed up onto a device (such as a tape) that can fall into the
hands of an unauthorized individual
• Transmitted over unprotected networks
PKI-Enabled Services
Secure Communication
• Secure e-mail (using, for example, a protocol such as Secure
Multipurpose Internet Mail Extensions Version 2, S/MIMEv2,
[RFC2311, RFC2312] or S/MIMEv3 [RFC2632, RFC2633])
• Secure Web server access (using, for example, a protocol such
as Transport Layer Security, or TLS, [RFC2246]; the current
version is TLS 1.3 [RFC8446])
• A secure Virtual Private Network, or VPN (using, for example, a
protocol such as IPs ec/IKE [RFC2401, RFC2411])
• Secure e-mail, for example, can be implemented as a PKI-
enabled service simply by having the e-mail package access the
core security services of the PKI to encrypt and sign messages
and format the result using the S/MIME syntax.
• Messages can then be transported across an untrusted network
without compromising their authenticity, integrity, or
confidentiality
Secure Time Stamping
• Secure time stamping involves a trusted time authority
associating a time stamp with a particular piece of data with the
properties of authenticity and integrity.
• What is important is not so much the actual time format itself
but the security of the time/data association.
• In particular, for some applications the time stamp need not
explicitly represent time at all; a simple sequence number
demonstrating that this document was presented to the
authority before document X and after document Y may be
sufficient.
• However, interested parties must be able to verify that the time
stamp associated with this document is authentic and has
integrity.
• The secure time-stamp service makes use of the core PKI
services of authentication and integrity.
• Specifically, the time stamp on a document involves a digital
signature over the combination of some representation of time
and a cryptographic hash of the document itself.
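The "signature over the combination of some representation of time and a cryptographic hash of the document" spelled out as an added example (not code from the slides). A hypothetical time-stamping authority with an ECDSA P-256 key receives only the document hash, adds its own clock reading, and signs hash || time; a relying party later checks both that the document hashes to the value in the token and that the signature covers that hash together with the time the token claims. The authority's key is a bare key pair here; in a PKI it would be certified by a CA the relying parties trust, as the section above says. The sample document is constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Token is what the time-stamping authority returns: the document hash it
// was shown, the time it asserts, and its signature binding the two.
type Token struct {
	DocHash   [32]byte
	Time      time.Time
	Signature []byte
}

// Authority is a hypothetical time-stamping server with its own signing key.
// In a real PKI this key would be certified by a CA the relying parties trust.
type Authority struct{ key *ecdsa.PrivateKey }

func NewAuthority() (*Authority, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Authority{key: k}, nil
}

func (a *Authority) Public() *ecdsa.PublicKey { return &a.key.PublicKey }

// signedBytes is the exact byte string the signature covers: the document
// hash followed by the asserted time as a big-endian Unix timestamp.
func signedBytes(docHash [32]byte, t time.Time) []byte {
	var ts [8]byte
	binary.BigEndian.PutUint64(ts[:], uint64(t.Unix()))
	return append(docHash[:], ts[:]...)
}

// Stamp is called with only the hash, so the document itself need not be
// disclosed to the authority. The authority supplies the time; the
// requester does not get to choose it.
func (a *Authority) Stamp(docHash [32]byte) (*Token, error) {
	now := time.Now().UTC().Truncate(time.Second)
	digest := sha256.Sum256(signedBytes(docHash, now))
	sig, err := ecdsa.SignASN1(rand.Reader, a.key, digest[:])
	if err != nil {
		return nil, err
	}
	return &Token{DocHash: docHash, Time: now, Signature: sig}, nil
}

// Verify is what a relying party runs later: the document must hash to the
// value in the token, and the signature must cover that hash together with
// the time the token claims, under the authority's public key.
func Verify(tsa *ecdsa.PublicKey, document []byte, tok *Token) error {
	if sha256.Sum256(document) != tok.DocHash {
		return errors.New("document does not match the hash in the token")
	}
	digest := sha256.Sum256(signedBytes(tok.DocHash, tok.Time))
	if !ecdsa.VerifyASN1(tsa, digest[:], tok.Signature) {
		return errors.New("signature does not cover this hash and time")
	}
	return nil
}

func main() {
	tsa, err := NewAuthority()
	if err != nil {
		panic(err)
	}
	contract := []byte("Constructed sample document: Alice agrees to pay Bob 100 EUR.")
	tok, err := tsa.Stamp(sha256.Sum256(contract))
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine:         ", Verify(tsa.Public(), contract, tok))
	altered := []byte("Constructed sample document: Alice agrees to pay Bob 999 EUR.")
	fmt.Println("altered document:", Verify(tsa.Public(), altered, tok))
	backdated := *tok
	backdated.Time = tok.Time.Add(-365 * 24 * time.Hour)
	fmt.Println("backdated token: ", Verify(tsa.Public(), contract, &backdated))
}
```

Because the time is inside the signed bytes, neither the requester nor anyone holding the token can move the date without the authority's key; and because only the hash is signed, the token proves the document existed at that time without the authority ever seeing its contents. The sequence-number variant the text mentions works the same way with a counter in place of the timestamp.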
Notarization
• PKI-enabled service of notarization is defined to be synonymous
with data certification. That is, the notary certifies that data is
valid or correct, in which the meaning of correct necessarily
depends on the type of data being certified.
• For example, if the data to be certified is a digital signature over
some hashed value, the notary may certify that the signature is
"valid" in the following sense:
• The signature verification computation with the appropriate
public key is mathematically correct.
• The public key is still validly associated with the entity
purporting to have signed the value.
• All other data required in the validation process is accessible
and trustworthy.
Non-repudiation
• Non-repudiation is the term used for the service that ensures, to
the extent technically possible, that entities remain honest
about their actions.
• The most commonly discussed variants are non-repudiation of
origin (in which a user cannot falsely deny having originated a
message or document) and non-repudiation of receipt (in which
a user cannot falsely deny having received a message or
document).
• Connection with Other Services
• Need for a Secure Data Archive
• Complexity of This Service
Privilege Management
• Privilege management is a generic term for what is variously
called authorization, access control, rights management,
permissions management, capabilities management, and so on
• This topic encompasses questions such as the following:
• Is Alice allowed to read this record in the database?
• Can Bob execute this application program?
• Should Christine be granted remote access to this network?
• Must David be prevented from seeing pages in this portion of
the Web server?
• Are purchase orders for over $10,000 from Erica to be accepted?
Privacy
• Privacy is an entity's ability to control how, when, and to what
extent personal information about it is communicated to others.
• PKI is often associated with certificates, and certificates are
generally assumed to contain some sort of (locally if not globally
unique) identifying information. But privacy can be supported by
a PKI if such "identifying information" is decoupled from the real-
world identities of the human users.
Mechanisms Required to Create
PKI-Enabled Services
• Digital Signatures,
• Hashes,
• MACs, and
• Ciphers
Comprehensive PKI
Internet PKI
Enterprise Secure e-mail
Inter-enterprise signed transactions