X 509 Certificates

X.509 defines a framework for the provision of authentication services by the X.500 directory to its users. The directory may serve as a repository of public-key certificates  Each certificate contains the public key of a user and is signed with the private key of a trusted certification authority.

In addition, X.509 defines alternative authentication protocols based on the use of public-key certificates.X.509 is an important standard because the certificate structure and authentication protocols defined in X.509 are used in a variety of contexts. For example, the X.509 certificate format is used in S/MIME , IP Security,and SSL/TLS.

X.509 was initially issued in 1988. The standard was subsequently revised in 1993 to address some of the security concerns . The standard is currently at version 7, issued in 2012.

X.509 is based on the use of public-key cryptography and digital signatures.The standard does not dictate the use of a specific digital signature algorithm nor a specific hash function. Figure 14.14 illustrates the overall X.509 scheme for generation of a public-key certificate. The certificate for Bob’s public key includes unique identifying information for Bob, Bob’s public key, and identifying information about the CA, plus other information as explained subsequently. This information is then signed by computing a hash value of the information and generating a digital signature using the hash value and the CA’s private key. X.509 indicates that the signature is formed by encrypting the hash value.

Certificates
The heart of the X.509 scheme is the public-key certificate associated with each user. These user certificates are assumed to be created by some trusted certification authority (CA) and placed in the directory by the CA or by the user. The directory server itself is not responsible for the creation of public keys or for the certification function; it merely provides an easily accessible location for users to obtain certificates.

Figure 14.15a shows the general format of a certificate, which includes the following elements.

Version: Differentiates among successive versions of the certificate format; the default is version 1. If the issuer unique identifier or subject unique identifier are present, the value must be version 2. If one or more extensions are present, the version must be version 3. Although the X.509 specification is currently at version 7, no changes have been made to the fields that make up the certificate since version 3.
Serial number: An integer value unique within the issuing CA that is unambiguously associated with this certificate.
Signature algorithm identifier: The algorithm used to sign the certificate together with any associated parameters. Because this information is repeated in the signature field at the end of the certificate, this field has little, if any, utility 
■ Issuer name: X.500 name of the CA that created and signed this certificate.
Period of validity: Consists of two dates: the first and last on which the certificate is valid.
Subject name: The name of the user to whom this certificate refers. That is, this certificate certifies the public key of the subject who holds the corresponding private key.
Subject’s public-key information: The public key of the subject, plus an identifier of the algorithm for which this key is to be used, together with any associated parameters.
Issuer unique identifier: An optional-bit string field used to identify uniquely the issuing CA in the event the X.500 name has been reused for different entities.
Subject unique identifier: An optional-bit string field used to identify uniquely the subject in the event the X.500 name has been reused for different entities.
Extensions: A set of one or more extension fields. Extensions were added in version 3 and are discussed later in this section.
Signature: Covers all of the other fields of the certificate. One component of this field is the digital signature applied to the other fields of the certificate.This field includes the signature algorithm identifier.

The unique identifier fields were added in version 2 to handle the possible reuse of subject and/or issuer names over time. These fields are rarely used.

The standard uses the following notation to define a certificate:
$$CA<<A>>= CA \{V, SN, AI, CA, UCA, A, UA, A_p, T^A\}$$
where
$Y<<X>>$ = the certificate of user $X$ issued by certification authority $Y$
$Y \{I\}$ = the signing of $I$ by $Y$. It consists of $I$ with an encrypted hash code appended
$V$ = version of the certificate
$SN$ = serial number of the certificate
$AI$ = identifier of the algorithm used to sign the certificate
$CA$ = name of certificate authority
$UCA$ = optional unique identifier of the $CA$
$A$ = name of user $A$
$UA$ = optional unique identifier of the user $A$
$A_p$ = public key of user $A$
$T^A$ = period of validity of the certificate

The $CA$ signs the certificate with its private key. If the corresponding public key is known to a user, then that user can verify that a certificate signed by the $CA$ is valid. 


OBTAINING A USER’S CERTIFICATE 
User certificates generated by a CA have the following characteristics:

■ Any user with access to the public key of the CA can verify the user public key that was certified.
■ No party other than the certification authority can modify the certificate without this being detected.

Because certificates are unforgeable, they can be placed in a directory without the need for the directory to make special efforts to protect them.

If all users subscribe to the same CA, then there is a common trust of that CA.All user certificates can be placed in the directory for access by all users. In addition, a user can transmit his or her certificate directly to other users. In either case, once $B$ is in possession of $A$’s certificate, $B$ has confidence that messages it encrypts with $A$’s public key will be secure from eavesdropping and that messages signed with $A$’s private key are unforgeable.

If there is a large community of users, it may not be practical for all users to subscribe to the same CA. Because it is the CA that signs certificates, each participating user must have a copy of the CA’s own public key to verify signatures. This public key must be provided to each user in an absolutely secure (with respect to integrity and authenticity) way so that the user has confidence in the associated certificates. Thus, with many users, it may be more practical for there to be a number of CAs, each of which securely provides its public key to some fraction of the users.

Now suppose that $A$ has obtained a certificate from certification authority $X_1$ and $B$ has obtained a certificate from CA $X_2$. If $A$ does not securely know the public key of $X_2$, then $B$’s certificate, issued by $X_2$, is useless to $A$. $A$ can read $B$’s certificate, but $A$ cannot verify the signature. However, if the two CAs have securely exchanged their own public keys, the following procedure will enable $A$ to obtain $B$’s public key.

Step 1: $A$ obtains from the directory the certificate of $X_2$ signed by $X_1$. Because $A$ securely knows $X_1$'s public key, $A$ can obtain $X_2$'s public key from its certificate and verify it by means of $X_1$'s signature on the certificate.

Step 2 :$A$ then goes back to the directory and obtains the certificate of $B$ signed by $X_2$. Because $A$ now has a trusted copy of $X_2$'s public key, $A$ can verify the signature and securely obtain $B$’s public key.

$A$ has used a chain of certificates to obtain $B$’s public key. In the notation ofX.509, this chain is expressed as
$$X_1<<X_2>>X_2<<B>>$$
In the same fashion, $B$ can obtain $A$’s public key with
$$X_2 <<X_1>> X1 <<A>>$$

This scheme need not be limited to a chain of two certificates. An arbitrarily long path of CAs can be followed to produce a chain. A chain with $N$ elements would be expressed as

$$X_1 <<X_2>>X_2 <<X_3>> \ldots X_N <<B>>$$

In this case, each pair of CAs in the chain (Xi, Xi+1) must have created certificates for each other.All these certificates of CAs by CAs need to appear in the directory, and the user needs to know how they are linked to follow a path to another user’s public-key certificate. X.509 suggests that CAs be arranged in a hierarchy so that navigation is straightforward.

Figure 14.16, taken from X.509, is an example of such a hierarchy. The connected circles indicate the hierarchical relationship among the CAs; the associated boxes indicate certificates maintained in the directory for each CA entry. The directory entry for each CA includes two types of certificates:

■ Forward certificates: Certificates of X generated by other CAs
■ Reverse certificates: Certificates generated by X that are the certificates of other CAs

In this example, user $A$ can acquire the following certificates from the directory to establish a certification path to B:
$$X<<W>>W <<V>> V<<Y>> Y <<Z>>Z <<B>>$$

When $A$ has obtained these certificates, it can unwrap the certification path in sequence to recover a trusted copy of $B$’s public key. Using this public key, $A$ can send encrypted messages to $B$. If $A$ wishes to receive encrypted messages back from $B$, or to sign messages sent to $B$, then $B$ will require $A$’s public key, which can be obtained from the following certification path:

$$Z<<Y>>Y<<V>>V <<W>> W <<X>> X <<A>>$$

$B$ can obtain this set of certificates from the directory, or $A$ can provide them as part of its initial message to $B$.

REVOCATION OF CERTIFICATES 
Recall from Figure 14.15 that each certificate includes a period of validity, much like a credit card. Typically, a new certificate is issued just before the expiration of the old one. In addition, it may be desirable on occasion to revoke a certificate before it expires, for one of the following reasons.

1. The user’s private key is assumed to be compromised.
2. The user is no longer certified by this CA. Reasons for this include that the subject’s name has changed, the certificate is superseded, or the certificate was not issued in conformance with the CA’s policies.
3. The CA’s certificate is assumed to be compromised.

Each CA must maintain a list consisting of all revoked but not expired certificates issued by that CA, including both those issued to users and to other CAs. These lists should also be posted on the directory.
Each certificate revocation list (CRL) posted to the directory is signed by the issuer and includes (Figure 14.15b) the issuer’s name, the date the list was created, the date the next CRL is scheduled to be issued, and an entry for each revoked certificate. Each entry consists of the serial number of a certificate and revocation date for that certificate. Because serial numbers are unique within a CA, the serial number is sufficient to identify the certificate.

When a user receives a certificate in a message, the user must determine whether the certificate has been revoked. The user could check the directory each time a certificate is received. To avoid the delays (and possible costs) associated with directory searches, it is likely that the user would maintain a local cache of certificates and lists of revoked certificates.



Comments

Post a Comment

Popular posts from this blog

Cryptographic Algorithms CST 393 KTU CS Honour Notes Semester V -Dr Binu V P

About Me About the Course and Scheme Syllabus Model Question Paper University Question Papers ******************************************************** Module-1 (Introduction to the Concepts of Security) Introduction CIA Triad  OSI Security Architecture Security Attacks Security Services Security Mechanisms Model for Network Security Classical Encryption Techniques     Symmetric Cipher Model     Cryptography -  Crypt Analysis Substitution Ciphers-Caesar Cipher     Mono-alphabetic Ciphers     Playfair Cipher     Hill Cipher Poly Alphabetic Ciphers- Vigenere Cipher     Vernam Cipher- One Time Pad Transposition Ciphers Module-2 (Symmetric Key Crypto Systems) Stream Cipher Vs Block Cipher Traditional Block Cipher Structure- Fiestel Structure Data Encryption Standard - DES Algorithm Differential and Linear Cryptanalysis Double DES and Triple DES International Data Encryption Algorithm ( IDEA) Advanced Encryption Standard ( AES) Block Cipher Modes of Operation Stream Cipher and RC4 Module-3
Read more

Syllabus CST 393 Cryptographic Algorithms

Syllabus Module-1 (Introduction to the Concepts of Security) Need for security, Security approaches, Principles of security, Types of attacks, OSI Security Architecture, Classical encryption techniques - Substitution techniques, Transposition techniques. Stream cipher, Block cipher, Public key cryptosystems vs. Symmetric key cryptosystems, Encrypting communication channels. Module-2 (Symmetric Key Cryptosystems) Overview of symmetric key cryptography, Block cipher principles, Data Encryption Standard (DES), Differential and Linear cryptanalysis, Double DES, Triple DES, International Data Encryption Algorithm (IDEA), Advanced Encryption Algorithm (AES),Block cipher modes of operation, Stream cipher, RC4. Module-3 (Public Key Cryptosystems) Principles of public key cryptosystems, RSA algorithm, RSA illustration, Attacks, ElGamal cryptographic system, Knapsack algorithm, Diffie-Hellman key exchange algorithm, Elliptic curve cryptosystems. Module-4 (Key Management) Symmetric key distributi
Read more

Computer Security Concept- CIA Triad

Image
Definition of Computer Security The NIST Computer Security Handbook [NIST95] defines the term computer security as follows: Computer Security: The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability,and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).   This definition introduces three key objectives that are at the heart of computer  security: Confidentiality: This term covers two related concepts:             Data confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized individuals.      Privacy: Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.   Integrity: This term covers two related concepts:      Data integrity: Assures that information
Read more