Cross Certification p37 v03
(jjkim@signgate.com)
Contents
Comparing Models
PKI Entities
PKI analysis
Proposed CC Model
Conclusions
Copyright 2012@KICA Inc. All rights reserved
Comparing Models
CTL
Cross-certification
Cross-recognition
Advantage/Disadvantage
Model Comparison
CR: Cross Recognition
An interoperability arrangement in which a relying party in one
PKI domain can use authority information in another domain to
authenticate a subject in the other PKI domain, and vice versa.
CTL: Certificate Trust List
A CTL is a signed PKCS#7 data structure that can contain, among
other things, a list of trusted CAs. A trusted CA is identified
within the CTL by a hash of the public key certificate of the
subject CA.
CC: Cross Certification
A certification authority may be the subject of a certificate issued
by another certification authority.
Reliability
Standards
Cross Certificate
Stability
CTL Model
A CTL is a signed PKCS#7 data structure that can contain a
hash list of trusted CAs.
Used for interoperability of the National PKI and Government PKI in
Korea.
[Figure: CTL model. PKI A: RootCA A, CA A, USER A. PKI B: RootCA B, CA B, USER B. CTLs holding RootCA B's hash and RootCA A's hash. Certificate path: A_RootCA Cert, B_CA Cert, B_User Cert.]
[Figure: CTL format]
pkiCTL, certificateTrustList;binary
Content Type, Content
SignedData (PKCS#7): version, digestAlgorithms, encapContentInfo, certificates, crls, signerInfos
CTL: version, Subject Usage, List Identifier, Sequence Number, This Update, Next Update, Subject Algorithm, Trusted Subjects, Extensions (Type, Criticality, Value), CA Signature
CC
[Figure: Cross-certification model. Requests: PKCS #10 or CRMF. PKI A: RootCA A, CA A, USER A. PKI B: RootCA B, CA B, USER B. A-B and B-A cross certificates between RootCA A and RootCA B and between CA A and CA B. Certificate path: A_RootCA Cert, B_RootCA Cert, B_CA Cert, B_User Cert.]
[Figure: verification example with Trust Anchor: A. Step markers 11 to 15 and the label "user" appear in the original figure.]

Serial number: 1
Issuer: A-CA
Subject: A-CA
Validity: .
PublicKey: PA-CA
Extensions
SA-CA

Serial number: 2
Issuer: A-CA
Subject: B-CA
Validity: .
PublicKey: PB-CA
Extensions
SA-CA

AB User's Cert
Serial number: 07
Issuer: B CA
Subject: AB user
Validity: .
PublicKey: P AB
Extensions
SB-CA

A-CA's ARL
Issuer: A-CA
thisUpdate:
nextUpdate:
revokedCertificates: 3

B-CA's CRL
Issuer: B-CA
thisUpdate:
nextUpdate:
revokedCertificates: 2, 4, 30, ..
CTL Advantages/Disadvantage
Category | Description
Relative Advantages:
- No single point of failure.
- Issuer of CTL can produce ARL to revoke a trusted CA, or can issue new CTL with revoked CA omitted.
Potential Disadvantages:
CC Advantages/Disadvantage
Category | Description
Relative Advantages:
- Effect of compromise is limited to EEs subordinate to the compromised CA.
- EEs can trust a local (well-known) CA.
- Trusted point rollover affects only local EEs.
- Certificate paths are short between local users.
- Revocation of single trusted point is straightforward.
Potential Disadvantages:
- Certificate paths can be very long between distant EEs.
- Revocation of multiple trusted points (if applicable) must be supported.
- Path construction may be complex: must be able to navigate multiple paths and find a path (not necessarily the optimal one) linking sender to relying party's trust point.
- Level of flexibility required for path construction and validation is not currently supported in all client products.
- Need access to revocation information from the cross-certified domain (implies repository connectivity or import of CRLs from other domain).
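The path construction and cross-domain revocation lookup listed above, worked through on the certificates from the earlier figure (trust anchor A, A-B cross certificate serial 2, AB user's certificate serial 07). This is an added example, not code from the slides; it chains by issuer and subject names only, signature and validity checks are assumed to happen elsewhere, and the B-A cross certificate's serial (9) is constructed.

```python
from collections import namedtuple

Cert = namedtuple("Cert", "serial issuer subject")

# Values taken from the slide's figure, except serial 9 (constructed).
CERTS = [
    Cert(1, "A-CA", "A-CA"),     # A-CA self-signed certificate (trust anchor A)
    Cert(2, "A-CA", "B-CA"),     # A-B cross certificate
    Cert(9, "B-CA", "A-CA"),     # B-A cross certificate, serial is constructed
    Cert(7, "B-CA", "AB user"),  # AB user's certificate
]
# issuer -> revoked serials: A-CA's ARL and B-CA's CRL from the figure
REVOKED = {"A-CA": {3}, "B-CA": {2, 4, 30}}


def build_paths(target, anchor, certs, seen=()):
    """Yield candidate paths (anchor side first) ending at `target`."""
    if target.issuer == anchor:
        yield [target]
        return
    for c in certs:
        # A CA or cross certificate whose subject issued `target`;
        # `seen` stops loops through mutual cross certificates.
        if c.subject == target.issuer and c.issuer != c.subject and c not in seen:
            for head in build_paths(c, anchor, certs, seen + (target,)):
                yield head + [target]


def check_revocation(path, revoked):
    """Fail closed when an issuer's ARL/CRL is unavailable."""
    for c in path:
        if c.issuer not in revoked:
            return f"no revocation data from {c.issuer}"
        if c.serial in revoked[c.issuer]:
            return f"serial {c.serial} revoked by {c.issuer}"
    return None


def verify(target, anchor, certs, revoked):
    """Return (serials of the first acceptable path, []) or (None, reasons)."""
    reasons = []
    for path in build_paths(target, anchor, certs):
        why = check_revocation(path, revoked)
        if why is None:
            return [c.serial for c in path], []
        reasons.append(why)
    return None, reasons or ["no path to trust anchor"]


USER = CERTS[3]
print(verify(USER, "A-CA", CERTS, REVOKED))
```

Serial 2 in B-CA's CRL does not revoke the cross certificate, because that certificate was issued by A-CA and is checked against A-CA's ARL.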
CR Advantages/Disadvantage
Category
Relative
Advantages
Potential
Disadvantages
Description
PKI Entities
PKI Entities
PKI Components
PKI Entities
[Figure: PKI entities. End entity (PKI users); PKI management entities: RA, CA, CA-2; Cert / CRL repository. Labelled flows: initial registration, certification, key pair recovery, key pair update, certificate update, revocation request; certificate publish; CRL publish; cross certification (CA, CA-2); OP, MP.]
PKI Components
CA (Certificate Authority)
- Issues or distributes certificates for other CAs, End Entities and RAs.
- Handles revocation requests from the owner of the certificate or the RA.
- Publishes certificates and CRLs to the directory server.
- Issues the cross-certificate and manages
RA (Registration Authority)
Directory System
EE (End User)
PKI Analysis
User Interface Specification for Accredited CAs
Mark Specification for accredited Certificate
Subscriber Identification Based on virtual ID
Interoperability
Certificate and CRL Profile
OCSP
Certificate Import/Export (PKCS#12)
Man-in-the-Middle Attack on CRLs
The IDP field in the current CRL profile is optional.
If the IDP field is not created, or its criticality is set to noncritical, this attack may happen.
1. When CRLs are retrieved from a directory server, an attacker substitutes another valid CRL.
2. When CRLs are cached on a server, an administrator with malicious intent substitutes the CRL.
[Figure: directory server (DS, LDAP) holding CRL names Crl1.crl, Crl2.crl, Crl3.crl, ..., Crln.crl; a server holding a copy of CRL 3; server administrator; attacker with CRL1.]
CRL: Certificate Revocation List
IDP: Issuing Distribution Point
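The check that closes this gap, as an added example (not code from the slides): the relying party accepts a CRL only if it carries a critical IDP whose name matches the distribution point named in the certificate. The classes, the `ldap://ds.example/...` names and the serial numbers are constructed; signature verification of the CRL is assumed to have already succeeded, and the CA is assumed to partition revocations across Crl1..Crln as in the figure.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Crl:
    issuer: str
    revoked: frozenset
    idp: Optional[str] = None   # fullName in issuingDistributionPoint, if any
    idp_critical: bool = False


@dataclass(frozen=True)
class Cert:
    serial: int
    issuer: str
    crl_dp: str                 # fullName in the cRLDistributionPoints extension


def naive_status(cert, crl):
    """Signature-only relying party: any CRL from the CA is accepted."""
    if crl.issuer != cert.issuer:
        return "reject: issuer mismatch"
    return "revoked" if cert.serial in crl.revoked else "good"


def scoped_status(cert, crl):
    """Additionally bind the CRL to the distribution point named in the cert."""
    if crl.issuer != cert.issuer:
        return "reject: issuer mismatch"
    if crl.idp is None:
        return "reject: no IDP, CRL scope unknown"
    if not crl.idp_critical:
        return "reject: IDP not critical"
    if crl.idp != cert.crl_dp:
        return "reject: CRL belongs to another distribution point"
    return "revoked" if cert.serial in crl.revoked else "good"


# Constructed sample data: a CA that partitions revocations over Crl1..Crln.
DP1, DP3 = "ldap://ds.example/cn=crl1", "ldap://ds.example/cn=crl3"
cert = Cert(serial=300, issuer="CA", crl_dp=DP3)      # revoked, listed in Crl3
crl1_old = Crl("CA", frozenset({10, 11}))             # profile without IDP
crl1 = Crl("CA", frozenset({10, 11}), DP1, True)
crl3 = Crl("CA", frozenset({300, 301}), DP3, True)

print(naive_status(cert, crl1_old), "|", scoped_status(cert, crl1), "|",
      scoped_status(cert, crl3))
```

With the substituted Crl1 the signature-only check reports the revoked certificate as good, while the scoped check rejects the CRL and only reaches a verdict on Crl3.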
[Figure: EE A S/W with smart card. Labels: A Smartcard, B's USB Token, B Smartcard; contents: Licensed CA, Certificate Chain, Certificate for KM, Private Key from KM, Certificate for Sign, Private Key for Sign.]
Description
Solution
MS CryptoAPI, CDSA
defined APIs by local
define API
Specifications
Development
Platform
C,JAVA
IE, Netscape
Message and
Encoding Rules
Certificate policy
PSE
Cryptography
Algorithm
Program
Interface
(API)
Transmission
Protocol
common algorithms
Negotiation
XML signature
CMS
Proposal
Analyze the current NPKI profile and make a new
profile for cross-certification.
Define new object classes with attributes in standard.
Use referral object class and make a new CRL DP class.
Certificate Transport
Method
PSE Interoperability
Certificate Verification
PKCS#10 or CMP
Proposed CC Model
Cross certification model
Certificate profile
CRL profile
Directory Schema
PKCS#12
PSE interoperability
Certificate verification scenario
Cross-certification Model
[Figure: CA_A and CA_B, cross certification via CMP/PKCS#10; each CA has a directory server (DS) reached over LDAP and linked by referral, holding CA certificates, cross certificates, user certificates, ARL, CRL. EE A S/W and EE B S/W: PKCS#10, PKCS#11, PKCS#12; PSE: PKCS#5/PKCS#8. Certificates: Cert A, Cert BA, Cert AB, Cert B.]
Certificate - V3 Extensions
X.509 v3 extension | Description
Authority Key Identifier | Provides a means of identifying the public key corresponding to the private key used to sign a certificate.
Subject Key Identifier | Provides a means of identifying certificates that contain a particular public key.
Key Usage | Defines the purpose (e.g., encipherment, signature, certificate signing) of the key contained in the certificate.
Certificate Policies | Contains a sequence of one or more policy information terms, each of which consists of an object identifier (OID) and optional qualifiers.
Policy Mappings |
Basic Constraints |
Name Constraints |
Policy Constraints |
Authority Information Access |
Certificate Profile
Field
Self
Cross
EE
ASN.1 Type
NC
NC
NC
NC
NC
NC
OCTET STRING
Key Usage
BIT STRING
Certificate Policies
NC
Policy Mappings
NC
NC
NC
Basic Constraints
Name Constraints
Policy Constraints
Distribution Point
NC
Full Name
NC
NC
NC
M
NC
DirectoryName, URI
NC
NC
Description
Authority Key Identifier |
CRL Number |
Issuing Distribution Point | Identifies the CRL distribution point and scope for a particular CRL.
Field
CRL
Key Identifier
CRL Number
ARL
ASN.1 TYPE
NC
NC
M
M
M
NC
NC
OCTET STRING
INTEGER
Directory Schema
Entity
Object class
Attribute
person
organizationalPerson
inetOrgPerson
certificateAuthority
commonName
surName
cACertificate
crossCertificatePair
certificateRevocationList
authorityRevocationList
End
Entity
person
organizationalPerson
inetOrgPerson
commonName
surName
userCertificate
CRL
DP
cRLDistributionPoint
ou
certificateRevocationList
country
referral
country
ref
CA
referral
Object Class
Name | OID | Description
person | 2.5.6.6 | Basic object class.
organizationalPerson | 2.5.6.7 |
inetOrgPerson | 2.16.840.1.113730.3.2.2 | Object inherited by organizationalPerson. Includes certificate attribute.
certificationAuthority | 2.5.6.16 |
country | 2.5.6.2 |
referral | 2.16.840.1.113730.3.2.6 |
cRLDistributionPoint | Not defined
Attributes
Attribute Name | OID | Description
commonName | 2.5.4.3 | User Name.
surName | 2.5.4.4 | A family name.
userCertificate | 2.5.4.36 | User's Certificate.
cACertificate | 2.5.4.37 | CA's Certificate.
crossCertificatePair | 2.5.4.40 | Cross-certificate. Certificate issued by each other. ( A [forward] B ) ( A [reverse] B )
certificateRevocationList | 2.5.4.39 | CRL.
authorityRevocationList | 2.5.4.38 | ARL.
countryName | 2.5.4.6 | Country Name.
ref | 2.16.840.1.113730.3.1.34 |
PSE Interoperability
Common Module (CryptoAPI, GSM or CDSA)
Download Module
Pre-installed Module
Certificate Storage
PSE PKCS#11
PKCS#11 was intended from the beginning to be an interface
between applications and all kinds of portable cryptographic
devices, such as those based on smart cards, PCMCIA cards, and
smart diskettes.
[Figure: PSE interoperability through PKCS#11. Client (MS Windows) connected over the Internet to two web servers, Applications(A) and Applications(B). Download module from each: Local API (Active-X wrapper) or Local API (Java wrapper, JNI), over the PKCS#11 API developed by A or by B. Pre-installed modules: PKCS#11 driver (Domain A) with PSE(A), PKCS#11 driver (Domain B) with PSE(B). Standard: Java, Active-X.]
PKCS#11 Functions
Cryptoki's logical view of a token is a device that stores
objects and can perform cryptographic functions.
Item | API flowchart
Init | C_Initialize, C_GetFunctionList, C_Finalize
Slot | C_GetSlotList, C_GetTokenInfo
Session | C_OpenSession, C_CloseSession
Login | C_Login, C_Logout
Object | C_FindObjectsInit, C_FindObjects, C_FindObjectsFinal, C_GetAttributeValue, C_CreateObject, C_DestroyObject
Sign | C_SignInit, C_Sign
Verify | C_VerifyInit, C_Verify
[Figure: certificate verification scenario. User AB: PKCS#11 or PKCS#12 import, generate digital signature, transmit as XML-signature or CMS signedData. A-Apps (Trust Anchor: A): A-B Cross Cert, A-CA Cert and ARL from DS A, CRL from DS B, send result. Trust Anchor: B (AB). Items listed for each side: A-CA Cert, A-B Cross Cert, B-A Cross Cert, CRL, ARL.]
Conclusions
CC is the most reliable and safe model among CR, CTL and CC.
Solved the problems of the present NPKI and proposed a new cross-certification model.
Provided PSE convenience through PKCS#11.
Provided interoperability of key exchange using PKCS#12.
Gave a guideline for certification path construction through a detailed scenario.
Improves the current NPKI toward international cross-certification.
Defines a model based on standards.
Gives an easy implementation.