Presentation Transcript
PKI: Ten Years Later: PKI: Ten Years Later
Carlisle Adams
School of Information Technology and Engineering
University of Ottawa
Mike Just
Treasury Board of Canada, Secretariat
Outline: Outline Motivation
Public key technology and PKI
PKI examples
PKI criticisms
PKI evolution and a current definition
The road ahead…
Motivation: Motivation
We have reached an anniversary in PKI
Has our understanding of this technology grown in any way? If so, how?
PK Technology and PKI: PK Technology and PKI Public key technology
Each entity in a collection has a pair of keys
Alice has pubA, privA
Enc, d-sig. possible (mathematical operations)
Public Key Infrastructure (PKI)
Makes PK technology available to applications and environments that wish to use it
Enc, d-sig. possible (security operations)
Key pair bound to an entity identifier in a way that makes it useful to a variety of apps
PKI (cont’d): PKI (cont’d) 'Identifier'
Uniquely specifies entity within some context or environment (no ambiguity), but need not reveal actual identity
Anonym (single-use identifier; no mapping to entity)
Pseudonym (multiple-use identifier; no mapping to entity)
Veronym (multiple-use identifier; clear mapping to entity)
Context/environment need not be global in scope (depends on apps that will use keys)
PKI (cont’d): PKI (cont’d) Binding of key pair and identifier
Validity of bindings
Authority (making andamp; breaking)
Issuance process (syntax andamp; dissemination)
Termination process (alerting)
Use of bindings
Anchor management process (augment andamp; diminish)
Private key management process ('fit for purpose')
Binding validation process (trusting someone else’s key)
Slide7: Outline Motivation
Public key technology and PKI
PKI examples
PKI criticisms
PKI evolution and a current definition
The road ahead…
PKI Examples: PKI Examples Over the past ten years, there have been several different approaches to modeling and implementing a PKI
These approaches can be compared based on the 6 components of the 'binding' concept
We look at the following:
X.509, PGP, X9.59, SPKI
Slide9: Sample Comparisons (see paper for others)
Sample Comparisons(see paper for others): Sample Comparisons (see paper for others)
PKI Criticisms: PKI Criticisms Many criticisms have been leveled at this technology
Probably the best-known collection is the '10 Risks' paper by Ellison andamp; Schneier
But criticisms cannot always be taken at face value: need to consider whether the 'flaw' being criticized is actually related to PKI or not
PKI Criticisms (cont’d): PKI Criticisms (cont’d) Examples:
Authentication versus authorization
Security of computing platforms
Linkage between identifier and real entity ('John Robinson problem')
PKI Criticisms (cont’d): PKI Criticisms (cont’d) Understatement alert: PKI has had its share of critics over the years
A number of criticisms have been unjustified, and a number have been misdirected (aimed at PKI when the actual problem is elsewhere)
The remainder have been very beneficial, driving evolution and leading to a deeper understanding of this technology
Slide14: Outline Motivation
Public key technology and PKI
PKI examples
PKI criticisms
PKI evolution and a current definition
The road ahead…
Evolution: Evolution Ten years ago, the 1993 version of the ISO/IEC CCITT/ITU-T IS X.509 began to be disseminated, recognized, and implemented in small-scale environments
Late 1993 / early 1994 was effectively the birth of PKI (although the acronym was yet to be coined)
Infrastructural considerations were paramount (how to make PK technology available to a wide variety of applications)
Evolution (cont’d): Evolution (cont’d) Initial definition (1994)
Authority: always and only a CA
Issuance: X.509 syntax; DN; X.500 Directory
Termination: CRL; X.500 Directory
Anchor: root of CA hierarchy
Private key: CA gen.; OOB reg.; local storage
Validation: large, special-purpose s/w toolkit
Evolution (cont’d): Evolution (cont’d) After ten years of extensive discussion, research, and implementation by numerous interested parties world-wide:
Each of the 6 components has broadened quite considerably with deeper understanding
BUT, the same 6 components comprise the core of the definition (i.e., the essential characteristics of the definition remain unchanged)
Evolution (cont’d): Evolution (cont’d) Current definition (2004)
Authority: multiple choices (incl. end entity)
Issuance: multiple choices (syntax andamp; dissem.)
Termination: multiple choices (incl. online)
Anchor: multiple choices (augment andamp; diminish)
Private key: multiple choices (gen., reg., storage)
Validation: mult. choices (thin client; native apps)
Outline: Outline Motivation
Public key technology and PKI
PKI examples
PKI criticisms
PKI evolution and a current definition
The road ahead…
Future of PKI: Future of PKI Moving from theory to practice
Over ten years, innovative thinking, fruitful technical discussion, constructive criticism, and implementation efforts have driven the recognition of the need for options
Research into secure architectures and secure protocols have made options possible
BUT options have yet to be embraced in a significant way in real products
Future of PKI (cont’d): Future of PKI (cont’d) Example: identifier bound to public key
Sometimes there are valid reasons for the identifier to be a veronym; sometimes a pseudonym; sometimes an anonym
Standards (in their language and syntax) do not preclude different identifier types
However, history and tradition have made rigid interpretations: PKI deployments are almost exclusively one type or another
WHY NOT HAVE CAs THAT CAN BIND KEYS TO ANY OF THE THREE TYPES, AS REQUIRED?
This would make PKIs more suited to real-world needs
Conclusion: Conclusion The goal of this work has been to demonstrate that the PKI community has significantly broadened its understanding of this technology over the past ten years
The challenge now is to translate that understanding to real PKI deployments that solve authentication challenges in real, heterogeneous environments