Public Key Infrastructure

Information about Public Key Infrastructure

The external links in this article or section may require cleanup to comply with Wikipedia's content policies.
Please [ improve this article] by removing excessive or inappropriate external links. Please remove this tag when this is done. (talk)

Diagram of a public key infrastructure

In cryptography, a public key infrastructure (PKI) is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA). The user identity must be unique for each CA. This is carried out by software at a CA, possibly under human supervision, together with other coordinated software at distributed locations. For each user, the user identity, the public key, their binding, validity conditions and other attributes are made unforgeable in public key certificates issued by the CA.

The term trusted third party (TTP) may also be used for certificate authority (CA). The term PKI is sometimes erroneously used to denote public key algorithms which, however, do not require the use of a CA.

Purpose and functions

PKI arrangements enable computer users without prior contact to be authenticated to each other, and to use the public key information in their public key certificates to encrypt messages to each other ^[1]. In general, a PKI consists of client software, server software, hardware (e.g., smart cards), legal contracts and assurances, and operational procedures. A signer's public key certificate may also be used by a third-party to verify the digital signature of a message, which was made using the signer's private key.

In general, a PKI enables the parties in a dialogue to establish confidentiality, message integrity and user authentication without having to exchange any secret information in advance, or even any prior contact. The validity of a PKI between the communicating parties is, however, limited by practical problems such as uncertain certificate revocation, CA conditions for certificate issuance and reliance, variability of regulations and evidentiary laws by jurisdiction, and trust ^[2]. These problems, which are significant for the initial contact, tend to be less important as the communication progresses in time (including the use of other communication channels) and the parties have opportunities to develop trust on their identities and keys <ref name="Overview" />.

Typical use

Most enterprise-scale PKI systems rely on certificate chains to establish a party's identity, as a certificate may have been issued by a certificate authority computer whose 'legitimacy' is established for such purposes by a certificate issued by a higher-level certificate authority, and so on. This produces a certificate hierarchy composed of, at a minimum, several computers, often more than one organization, and often assorted interoperating software packages from several sources. Standards are critical to PKI operation, and public standards are critical to PKIs intended for extensive operation. Much of the standardization in this area is done by the IETF PKIX working group.

Enterprise PKI systems are often closely tied to an enterprise's directory scheme, in which each employee's public key is often stored (embedded in a certificate), together with other personal details (phone number, email address, location, department, ...). Today's leading directory technology is LDAP and in fact, the most common certificate format (X.509) stems from its use in LDAP's predecessor, the X.500 directory schema.

Alternatives

Web of Trust

Main article: Web of Trust

An alternative approach to the problem of public authentication of public key information across time and space is the web of trust scheme, which uses self-signed certificates and third party attestations of those certificates. Speaking of the Web of Trust does not imply the existence of a single web of trust, or common point of trust, but any number of potentially disjoint "webs of trust". Examples of implementations of this approach are PGP (Pretty Good Privacy) and GnuPG (The GNU Privacy Guard; a free implementation of OpenPGP, the standardized specification of PGP). Because PGP and implementations allow the use of email digital signatures for self-publication of public key information, it is relatively easy to implement one's own Web of Trust.

One of the benefits of the Web Of Trust, for example in PGP, is that it can interoperate with a PKI CA fully-trusted by all parties in a domain (such as an internal CA in a company) that is willing to guarantee certificates, as a trusted introducer. [ 2 ]

Simple Public Key Infrastructure

Another alternative, which however does not deal with public authentication of public key information, is the simple public key infrastructure (SPKI) that grew out of 3 independent efforts to overcome the complexities of X.509 and PGP's web of trust. SPKI does not bind people to keys, as the key is the principal -- the one that "speaks". SPKI does not use any notion of trust, as the verifier is also the issuer. This is called an "authorization loop" in SPKI terminology, where authorization is integral to its design.

Additionally, PKI supports message encryption and digital signatures that further enhance transactional security. While essential services such as certificate validation and revocation, key backup and recovery, and simultaneous update of key pairs minimize the administrative workload for a PKI infrastructure, features such as audit of key history and time-stamping enhance security control and management. And last but not least, the PKI infrastructure supports cross-certification, which is key to creating a truly federated identity by enabling seamless integration among circles of trust.

In comparison to Kerberos, PKI provides enhanced security, greater scalability and easier administration, control and management of the infrastructure. As a result, PKI enables a larger community of users, consumers and partners to communicate and transact more dynamically, securely, reliably and cost-effectively. PKI is the right choice for an open Network Identity environment.

History

The public disclosure of both secure key exchange and asymmetric key algorithms in 1976 by Diffie, Hellman, Rivest, Shamir, and Adleman changed secure communications entirely. With the further development of high speed digital electronic communications (the Internet and its predecessors), a need became evident for ways in which users could securely communicate with each other, and as a further consequence of that, for ways in which users could be sure with whom they were actually interacting.

Assorted cryptographic protocols were invented and analyzed within which the new cryptographic primitives could be effectively used. With the invention of the World Wide Web and its rapid spread, the need for authentication and secure communication became still more acute. Commercial reasons alone (e.g., e-commerce, on-line access to proprietary databases from Web browsers, etc.) were sufficient. Taher ElGamal and others at Netscape developed the SSL protocol ('https' in Web URLs); it included key establishment, server authentication (prior to v3, one-way only), and so on. A PKI structure was thus created for Web users/sites wishing secure (or more secure) communications.

Vendors and entrepreneurs saw the possibility of a large market, started companies (or new projects at existing companies), and began to agitate for legal recognition and protection from liability. An American Bar Association technology project published an extensive analysis of some of the foreseeable legal aspects of PKI operations (see ABA digital signature guidelines), and shortly thereafter, several US states (Utah being the first in 1995) and other jurisdictions throughout the world, began to enact laws and adopt regulations. Consumer groups and others raised questions of privacy, access, and liability considerations which were more taken into consideration in some jurisdictions than in others.

The enacted laws and regulations differed, there were technical and operational problems in converting PKI schemes into successful commercial operation, and progress has been far slower than pioneers had imagined it would be.

By the first few years of the 21st century, it had become clear that the underlying cryptographic engineering was not easy to deploy correctly, that operating procedures (manual or automatic) were not easy to correctly design (nor even if so designed, to execute perfectly, which the engineering required), and that such standards as existed were in some respects inadequate to the purposes to which they were being put.

PKI vendors have found a market, but it is not quite the market envisioned in the mid-90s, and it has grown both more slowly and in somewhat different ways than were anticipated. PKIs have not solved some of the problems they were expected to, and several major vendors have gone out of business or been acquired by others. PKI has had the most success in government implementations; the largest PKI implementation to date is the Defense Information Systems Agency (DISA) PKI infrastructure for the Common Access Cards program.

PKI software

When deploying a PKI, the most important part is an appropriate CA software. There are several solutions on the market:

Microsoft: Windows 2000 Server and Server 2003 contain a CA software, which is integrated into the Active Directory. It doesn't cost additional licence fees. This is currently the most popular solution on the market.
CoSign - Digital Signatures with built-in CA software A built-in CA, leveraging existing user directory management systems (e.g. Active Directory, Novell eDirectory and LDAP directories). The solution automatically generates digital certificates for users on the user directory, eliminating the common overhead found with other traditional PKI solutions.
Linux: Linux supports OpenSSL and OpenCA, which are two open source CA solutions. And EJBCA.
NEWPKI: Free software which generates and control Users Public Keys.
Novell: Offers the Novell Certificate Server, which is integrated into the eDirectory. Alternatively, the eDirectory add-on product cv act PKIntegrated (provided by a third party vendor at additional costs) can be used.
Entrust: The product Entrust Authority is the most popular among the not-for-free CA solutions. Entrust offers PKI software and a managed service option.
CyberTrust: The name of the product is TrustedCA.
RSA Security: The CA solution Keon is also very popular.
openWebPKI: open source PKI Web GUI project
Red Hat Certificate System: Former Netscape Certificate Server, nowadays (not yet Open Source) software by Red Hat.
ChosenSecurity: Offers a managed PKI for the enterprise using TC TrustCenter technology.
IdenTrust: Offers a managed PKI for the banking community.

Usage examples

PKIs of one type or another, and from any of several vendors, have many uses, including providing public keys and bindings to user identities which are used for:

Encryption and/or sender authentication of Email messages (e.g., using OpenPGP or S/MIME).
Encryption and/or authentication of documents (e.g., the XML Signature * or XML Encryption * standards if documents are encoded as XML).
Authentication of users to applications (e.g., smart card logon, client authentication with SSL).
Bootstrapping secure communication protocols, such as Internet key exchange (IKE) and SSL. In both of these, initial set-up of a secure channel (a "security association") uses asymmetric key (a.k.a. public key) methods, whereas actual communication uses faster secret key (a.k.a. symmetric key) methods.
Digital Signature Implementations CoSign from ARX, Silanis

References

1. ^ To decrypt, each user has their own private key, that is usually protected by a password and stored locally.
2. ^ Ed Gerck, Overview of Certification Systems: x.509, CA, PGP and SKIP, in The Black Hat Briefings '99, [1] and [2]

External links

PKI tutorial by Peter Gutmann
PKIX workgroup
Easing the PAIN — a detailed explanation of PKI Privacy, Authentication, Integrity and Non-repudiation (PAIN)
NIST PKI Program — in which the National Institute of Standards and Technology (NIST) is attempting to develop a public key infrastructure
What is a PKI (Entrust FAQ)?
Detailed overview of Entrust v5 from Luke O'Connor
PKI criticism

Public-key cryptography • • [ e]
Algorithms: Cramer-Shoup \| DH \| DSA \| ECDH \| ECDSA \| EKE \| ElGamal \| GMR \| IES \| Lamport \| MQV \| NTRUEncrypt \| NTRUSign \| Paillier \| Rabin \| RSA \| Schnorr \| SPEKE \| SRP \| XTR
Theory: Discrete logarithm \| Elliptic curve cryptography \| RSA problem
Standardization: ANS X9F1 \| CRYPTREC \| IEEE P1363 \| NESSIE \| NSA Suite B Misc: Digital signature \| Fingerprint \| PKI \| Web of trust \| Key size
Cryptography • • [ e]
History of cryptography \| Cryptanalysis \| \| Topics in cryptography
Symmetric-key algorithm \| Block cipher \| Stream cipher \| Public-key cryptography \| Cryptographic hash function \| Message authentication code \| Random numbers

Cryptography (or cryptology; derived from Greek κρυπτός kryptós "hidden," and the verb γράφω gráfo "write" or λεγειν legein
..... Click the link for more information.

Public-key cryptography, also known as asymmetric cryptography, is a form of cryptography in which a user has a pair of cryptographic keys - a public key and a private key. The private key is kept secret, while the public key may be widely distributed.
..... Click the link for more information.

In cryptography, a certificate authority or certification authority (CA) is an entity which issues digital certificates for use by other parties. It is an example of a trusted third party. CAs are characteristic of many public key infrastructure (PKI) schemes.
..... Click the link for more information.

In cryptography, a public key certificate (or identity certificate) is an electronic document which incorporates a digital signature to bind together a public key with an identity — information such as the name of a person or an organization, their address, and so
..... Click the link for more information.

In cryptography, a trusted third party (TTP) is an entity which facilitates interactions between two parties who both trust the third party; they use this trust to secure their own interactions. TTPs are common in cryptographic protocols, for example, a certificate authority (CA).
..... Click the link for more information.

Authentication (from Greek αυθεντικός; real or genuine, from authentes; author) is the act of establishing or confirming something (or someone) as authentic, that is, that claims made by or about the thing are true.
..... Click the link for more information.

encryption is the process of transforming information (referred to as plaintext) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key.
..... Click the link for more information.

smart card, chip card, or integrated circuit card (ICC), is defined as any pocket-sized card with embedded integrated circuits which can process information.
..... Click the link for more information.

digital signature or digital signature scheme is a type of asymmetric cryptography used to simulate the security properties of a signature in digital, rather than written, form.
..... Click the link for more information.

Confidentiality has been defined by the International Organization for Standardization (ISO) as "ensuring that information is accessible only to those authorized to have access" and is one of the cornerstones of Information security.
..... Click the link for more information.

Data integrity is a term used in computer science and telecommunications that can mean ensuring data is "whole" or complete, the condition in which data is identically maintained during any operation (such as transfer, storage or retrieval), the preservation of data for its
..... Click the link for more information.

A software package is a bundle of one or several files that either are necessary for the execution of a computer program, or add features for a program already installed on the computer or network of computers.
..... Click the link for more information.

standardization or standardisation can have several meanings depending on its context. Common use of the word standard implies that it is a universally agreed-upon set of guidelines for interoperability.
..... Click the link for more information.

The word directory is used in computing and telephony meaning a repository or database of information. A directory, as opposed to a conventional database, is heavily optimized for reading, with the assumption that data updates are very rare compared to data reads.
..... Click the link for more information.

The Lightweight Directory Access Protocol, or LDAP (IPA: [ˈɛl dæp]), is an application protocol for querying and modifying directory services running over TCP/IP.
..... Click the link for more information.

In cryptography, X.509 is an ITU-T standard for public key infrastructure (PKI). X.509 specifies, amongst other things, standard formats for public key certificates and a certification path validation algorithm.

History and usage

X.
..... Click the link for more information.

X.500 is a series of computer networking standards covering electronic directory services. The X.500 series was developed by ITU-T, formerly known as CCITT. The directory services were developed in order to support the requirements of X.400 electronic mail exchange and name lookup.
..... Click the link for more information.

In cryptography, a web of trust is a concept used in PGP, GnuPG, and other OpenPGP-compatible systems to establish the authenticity of the binding between a public key and a user.
..... Click the link for more information.

Pretty Good Privacy is a computer program that provides cryptographic privacy and authentication. It was originally created by Philip Zimmermann in 1991.

PGP and other similar products follow the OpenPGP standard (RFC 2440) for encrypting and decrypting data.
..... Click the link for more information.

GNU Privacy Guard (GnuPG or GPG) is a free software replacement for the PGP suite of cryptographic software, released under the GNU General Public License v3.
..... Click the link for more information.

E-mail (short for electronic mail; often also abbreviated as e-mail, email or simply mail) is a store and forward method of composing, sending, storing, and receiving messages over electronic communication systems.
..... Click the link for more information.

This article is copied from an article on Wikipedia.org - the free encyclopedia created and edited by online user community. The text was not checked or edited by anyone on our staff. Although the vast majority of the wikipedia encyclopedia articles provide accurate and timely information please do not assume the accuracy of any particular article. This article is distributed under the terms of GNU Free Documentation License.

Herod_Archelaus

iPedia Free Information Center