Public Key Infrastructure

Public Key Infrastructure (PKI) leverages all three forms of encryption to provide and manage digital certificates. A digital certificate is a public key signed with a digital signature. Digital certificates may be server-based (used for SSL websites such as https://www.ebay.com) or client-based (bound to a person). If the two are used together, they provide mutual authentication and encryption. The standard digital certificate format is X.509.

NIST Special Publication 800-15 describes five components of PKI:

  • Certificate Authorities (CAs) that issue and revoke certificates
  • Organizational Registration Authorities (ORAs) that vouch for the binding between public keys and certificate holder identities and other attributes
  • Certificate holders that are issued certificates and can sign digital documents
  • Clients that validate digital signatures and their certification paths from a known public key of a trusted CA
  • Repositories that store and make available certificates and Certificate Revocation Lists (CRLs) [46]

Certificate Authorities and Organizational Registration Authorities

Digital certificates are issued by Certificate Authorities (CAs). Organizational Registration Authorities (ORAs) authenticate the identity of a certificate holder before issuing a certificate to them. An organization may operate as a CA or ORA (or both).

CAs may be private (run internally) or public (such as VeriSign or Thawte). Not just anyone off the street can request and receive a certificate for www.ebay.com, for example; the requester must prove that they have the authority to do so. This authentication is done by the CA, and can include business records research, emails sent to domain contacts, and similar methods.

Certificate Revocation Lists

Certificate Authorities maintain Certificate Revocation Lists (CRLs), which, as the name implies, list certificates that have been revoked. A certificate may be revoked if the private key has been stolen, an employee is terminated, etc. A CRL is a flat file and does not scale well. The Online Certificate Status Protocol (OCSP) is a replacement for CRLs and uses a client-server design that scales better.
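The following Python example is an added illustration, not part of the original text: it plays the CA, repository, and client roles described above, issuing a certificate, publishing a signed CRL, and having the client check both before trusting the certificate. It assumes the third-party `cryptography` package is installed; the function names and the names "Example Root CA" and "www.example.test" are constructed for the example.

```python
import datetime as dt
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec

def _name(cn):
    return x509.Name([x509.NameAttribute(x509.oid.NameOID.COMMON_NAME, cn)])

def issue(subject_cn, subject_pub, issuer_cn, issuer_key, is_ca=False):
    """CA role: bind a public key to a name by signing an X.509 certificate."""
    now = dt.datetime.now(dt.timezone.utc)
    return (x509.CertificateBuilder()
            .subject_name(_name(subject_cn)).issuer_name(_name(issuer_cn))
            .public_key(subject_pub).serial_number(x509.random_serial_number())
            .not_valid_before(now - dt.timedelta(minutes=1))
            .not_valid_after(now + dt.timedelta(days=30))
            .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
            .sign(issuer_key, hashes.SHA256()))

def publish_crl(ca_cert, signing_key, revoked_serials):
    """Repository role: a signed flat list of revoked serial numbers."""
    now = dt.datetime.now(dt.timezone.utc)
    crl = (x509.CertificateRevocationListBuilder().issuer_name(ca_cert.subject)
           .last_update(now).next_update(now + dt.timedelta(days=7)))
    for serial in revoked_serials:
        crl = crl.add_revoked_certificate(x509.RevokedCertificateBuilder()
            .serial_number(serial).revocation_date(now).build())
    return crl.sign(signing_key, hashes.SHA256())

def client_accepts(cert, ca_cert, crl):
    """Client role: check the CA's signature, then the CRL (expiry checks omitted)."""
    ca_pub = ca_cert.public_key()
    try:  # certification path of length one: the trusted CA signed this certificate
        ca_pub.verify(cert.signature, cert.tbs_certificate_bytes,
                      ec.ECDSA(cert.signature_hash_algorithm))
    except InvalidSignature:
        return False
    return (crl.is_signature_valid(ca_pub)  # a CRL not signed by the CA proves nothing
            and crl.get_revoked_certificate_by_serial_number(cert.serial_number) is None)

def demo():
    ca_key = ec.generate_private_key(ec.SECP256R1())
    ca_cert = issue("Example Root CA", ca_key.public_key(), "Example Root CA", ca_key, True)
    holder_key = ec.generate_private_key(ec.SECP256R1())
    cert = issue("www.example.test", holder_key.public_key(), "Example Root CA", ca_key)
    rogue_key = ec.generate_private_key(ec.SECP256R1())  # constructed: not the CA's key
    return (client_accepts(cert, ca_cert, publish_crl(ca_cert, ca_key, [])),
            client_accepts(cert, ca_cert, publish_crl(ca_cert, ca_key, [cert.serial_number])),
            client_accepts(cert, ca_cert, publish_crl(ca_cert, rogue_key, [])))
```

`demo()` returns `(True, False, False)`: the certificate is accepted before revocation, rejected once its serial number appears on the CRL, and rejected when the CRL presented was not signed by the CA.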

Key Management Issues

Certificate Authorities issue digital certificates and distribute them to certificate holders. The confidentiality and integrity of the holder’s private key must be assured during the distribution process.

Public/private key pairs used in PKI should be stored centrally (and securely). Users may lose their private key as easily as they may forget their password. If a private key is lost and was not securely stored, anything encrypted with the matching public key will be lost (short of the cryptanalysis described previously).

Note that key storage is different from key escrow. Key storage means the organization that issued the public/private key pairs retains a copy. Key escrow, as we will discuss shortly, means a copy is retained by a third-party organization (and sometimes multiple organizations), often for law enforcement purposes.

A retired key may not be used for new transactions but may be used to decrypt previously encrypted data. A destroyed key no longer exists and cannot be used for any purpose.