PKI-An Operational Perspective. NANOG 38 ARIN XVIII October 10, 2006

Similar documents
Update on Resource Certification. Geoff Huston, APNIC Mark Kosters, ARIN IEPG, March 2008

A PKI For IDR Public Key Infrastructure and Number Resource Certification

Problem. BGP is a rumour mill.

Overview of the Resource PKI (RPKI) Dr. Stephen Kent VP & Chief Scientist BBN Technologies

APNIC Trial of Certification of IP Addresses and ASes

Some Lessons Learned from Designing the Resource PKI

TeliaSonera Gateway Certificate Policy and Certification Practice Statement

APNIC Trial of Certification of IP Addresses and ASes

RPKI Trust Anchor. Geoff Huston APNIC

Apple Inc. Certification Authority Certification Practice Statement

Using Resource Certificates Progress Report on the Trial of Resource Certification

Apple Inc. Certification Authority Certification Practice Statement

SSL Certificates Certificate Policy (CP)

Using Resource Certificates Progress Report on the Trial of Resource Certification

Bugzilla ID: Bugzilla Summary:

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure

Server-based Certificate Validation Protocol

Securing Routing: RPKI Overview. Mark Kosters Chief Technology Officer

RPKI. Resource Pubic Key Infrastructure

Lockheed Martin Enterprise Public Key Infrastructure Certificate Policy (CP)

Whois & Data Accuracy Across the RIRs

Apple Corporate Certificates Certificate Policy and Certification Practice Statement. Apple Inc.

DirectTrust Governmental Trust Anchor Bundle Standard Operating Procedure

Northrop Grumman Enterprise Public Key Infrastructure Certificate Policy

Raytheon Company Public Key Infrastructure (PKI) Certificate Policy

Internet Engineering Task Force (IETF) Category: Informational ISSN: February 2012

Apple Inc. Certification Authority Certification Practice Statement. Apple Application Integration Sub-CA Apple Application Integration 2 Sub-CA

Certification Authority

PKI Services. Text PKI Definition. PKI Definition #1. Public Key Infrastructure. What Does A PKI Do? Public Key Infrastructures

Securing Internet Infrastructure: Route Origin Security using RPKI at ARIN. Mark Kosters CTO

THE WALT DISNEY COMPANY PUBLIC KEY INFRASTRUCTURE CERTIFICATE POLICY. November 2015 Version 4.0. Copyright , The Walt Disney Company

Dark Matter L.L.C. DarkMatter Certification Authority

Public Key Establishment

Technical Trust Policy

Smart Meters Programme Schedule 2.1

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations

OpenADR Alliance Certificate Policy. OpenADR-CP-I

Next Generation Physical Access Control Systems A Smart Card Alliance Educational Institute Workshop

Facilitating Secure Internet Infrastructure

Public Key Infrastructures

DRAFT REVISIONS BR DOMAIN VALIDATION

Introduction to Network Security Missouri S&T University CPE 5420 Key Management and Distribution

Public Key Infrastructure PKI. National Digital Certification Center Information Technology Authority Sultanate of Oman

APNIC s role in stability and security. Adam Gosling Senior Policy Specialist, APNIC 4th APT Cybersecurity Forum, 3-5 December 2013

SWITCHpki Service Launch The SWITCHpki Team

PAA PKI Mutual Recognition Framework. Copyright PAA, All Rights Reserved 1

National Identity Exchange Federation. Trustmark Signing Certificate Policy. Version 1.0. Published October 3, 2014 Revised March 30, 2016

Certification Practice Statement

Life After IPv4 Depletion

Introducción al RPKI (Resource Public Key Infrastructure)

CERTIFICATE POLICY CIGNA PKI Certificates

Securing BGP: The current state of RPKI. Geoff Huston Chief Scientist, APNIC

OISTE-WISeKey Global Trust Model

RPKI deployment at AFRINIC Status Update. Alain P. AINA RPKI Project Manager

Person determining CPS suitability for the policy CPS approval procedures 1.6. DEFINITIONS AND ACRONYMS

Resource Certification

Digital Certificates Demystified

Local TA Management. In principle, every RP should be able to locally control the set of TAs that it will employ

TELIA MOBILE ID CERTIFICATE

Certification Policy of CERTUM s Certification Services Version 4.0 Effective date: 11 August 2017 Status: archive

Management Assertion Logius 2013

<36 th APNIC Meeting, XIAN CHINA> KISA(KRNIC) UPDATE. YOUNGSUN LA Korea Internet & Security Agency


Securing Core Internet Functions Resource Certification, RPKI. Mark Kosters ARIN CTO

KeyOne. Certification Authority

United States Department of Defense External Certification Authority X.509 Certificate Policy

ARIN Support for DNSSEC and RPKI. ION San Diego 11 December 2012 Pete Toscano, ARIN

Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.10 Effective Date: June 10, 2013

IPv4 Run-Out, Trading, and the RPKI

R. Sabett Cooley Godward LLP C. Merrill McCarter & English, LLP S. Wu Infoliance, Inc. November 2003

eidas Interoperability Architecture Version November 2015

CSE 565 Computer Security Fall 2018

Symantec Trust Network (STN) Certificate Policy

GlobalSign Certification Practice Statement

Digi-CPS. Certificate Practice Statement v3.6. Certificate Practice Statement from Digi-Sign Limited.

Avira Certification Authority Policy

DECISION OF THE EUROPEAN CENTRAL BANK

GlobalSign Certification Practice Statement

X.509. CPSC 457/557 10/17/13 Jeffrey Zhu

National Identity Exchange Federation. Certificate Policy. Version 1.1

SONERA MOBILE ID CERTIFICATE

Getting to Grips with Public Key Infrastructure (PKI)

Resource Public Key Infrastructure (RPKI) Nurul Islam Roman, APNIC

Resource PKI. NetSec Tutorial. NZNOG Queenstown. 24 Jan 2018

SAML Metadata Signing gpolicy and Aggregation Practice Statement

X.509 Certificate Policy For The Virginia Polytechnic Institute and State University Certification Authorities

Public Key Infrastructures. Using PKC to solve network security problems

Bart Preneel PKI. February Public Key Establishment. PKI Overview. Keys and Lifecycle Management. How to establish public keys?

Internet Resource Certification and Inter- Domain Routing Security! Eric Osterweil!

EXBO e-signing Automated for scanned invoices

An Operational ISP & RIR PKI

Certificate Policy for the Chunghwa Telecom ecommerce Public Key Infrastructure. Version 1.5

Validation Policy r tra is g e R ANF AC MALTA, LTD

CHEVRON U.S.A. INC. PUBLIC KEY INFRASTRUCTURE Root Certificate Authority Set of Provisions Version 2

6 Public Key Infrastructure 6.1 Certificates Structure of an X.509 certificate X.500 Distinguished Name and X.509v3 subjectalternativename

Certification Practice Statement. for OV SSL. Version 1.2. Date: 6 September 2017

Security Overlays on Core Internet Protocols DNSSEC and RPKI. Mark Kosters ARIN CTO

Version July 21, Waples Mill Road. South Tower, Suite 210. Fairfax, VA Date:

thawte Certification Practice Statement Version 3.4

X.509 Certificate Policy for the New Zealand Government PKI RSA Individual - Software Certificates (Medium Assurance)

Transcription:

PKI-An Operational Perspective NANOG 38 ARIN XVIII October 10, 2006

Briefing Contents PKI Usage Benefits Constituency Acceptance Specific Discussion of Requirements Certificate Policy Certificate Policy Framework Policy and Cost Consideration Algorithms and Key Sizes Sample Overview 2

Roles and Responsibilities Certification Authorities (CAs) Subscribers Relying Parties Registration Authorities (RAs) Critical Roles for Deployment and Sustainment PK-Enabling Applications 3

4 Mechanisms X.509 Certificate Fields and Extensions Extension Details RFC 3779 Draft Certificate Profile Architecture and Transactional View PKI Revocation Architecture PKI Trust extension Way Ahead for Constituency Resources

PKI Usage PKI is the foundation for security mechanisms that provides a variety of cryptographically based services through the use of asymmetric key pairs Authentication via enrollment and registration processes which cryptographically bind a key to an identity Integrity of a transaction through digital signature processes Encryption primarily through SSL/TLS 5

Benefits Foundational in securing Internet routing system Analogous to DNSSEC as securing DNS Extended usage (such as portal authentication, communication security, billing integrity ) may become part of overall capability Requirements may differ, but essential technology and operational impacts remains consistent 6

Constituency Acceptance 7 Published policy has to match goals for integrating public key technology Openly identify details on cost to deploy and sustain as well as impact to current business processes Anticipate that most ISPs will not want to set up and run their own CAs due to costs and administration burdens RIRs should strongly consider offering "outsourced CA services" for their members ISPs may wish to run their own CAs in their own environments, but it shouldn t be a requirement Ensure expenditures are consistent with phased implementation strategy Ensure business case benefits of better security are met

Specific Discussion of Requirements The use of a certificate issued to authenticate a representative of an ISP as a representative of that ISP, based on the AS number(s) in the extension, is consistent with stated goal of using PKI to support routing security applications Check to confirm that registrant is same entity as POC for corresponding whois record (for given address) o RFC 2725 (Routing Protocol System Security) states that routing object should be validated against both address and AS maintainers Is this global policy across RIRs? Should it be? Database(s) to implement this check in authoritative manner 8

Certificate Policy 9 A Certificate Policy (CP) is named set of rules indicating applicability of a certificate to particular community and/or class of applications with common security requirements IETF RFC 3647 (Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Statement) contains framework of topics to be covered when defining certificate usage in a given domain Note that CPS are generally maintained privately within the given domain of the CP

Certificate Policy Framework Introduction Participants, usage, policy administration, etc. Publication // Repository responsibilities Naming, Identity validation, Identification and Authentication for rekey and revocation requests, etc. Life-cycle operational requirements Issuance, key usage, renewal, rekey, revocation and suspension, status services, etc. Facility management // operational controls Physical, procedural, audit logging, archival, etc. 10

Technical security controls Key pair generation, private key protection, etc. Profiles for Certificates, CRLs and Responder services Compliance audit and business // legal matters Fees, privacy of personal information, IPR, dispute resolution, etc. 11

Policy and Cost Consideration Subordinate CAs are usually operational for some period of time that is double the time in which they actively issue certificates; the second half of the lifetime, they continue to issue CRLs Lifetime will be dependent upon the business relation between the parties (RIR-ISP, ISP-ISP, ISP-end user) and will vary Hardware and software product life cycles are significantly shorter Maintenance costs increase when products are no longer supported by vendors 12

Algorithms and Key Sizes Current widespread use of RSA 1024 // 2048 with SHA-1 Highly recommend following NIST Key Management Guidelines Signature o EC-DSA = P256; P384 Encryption Certificates o EC-DH Supporting Algorithms o SHA-256 o AES 13

Sample Overview Excerpt from draft Certificate Policy for Internet IP Address and AS Number PKI This PKI is designed to support validation of claims by current holders of IP (v4 and v6) address space, and AS numbers, in accordance with the (current) records of the registries and ISPs that act as CAs in this PKI The ability to verify such claims is essential to ensuring the unique, unambiguous allocation of these resources 14

The PKI encompasses several types of certificates CA certificates for each organization allocating address blocks and AS numbers, and for each address space holder Potential to use end entity certificates for operations personnel to support access control for the repository system 15

Roles and Responsibilities Certification Authorities (CAs) Subscribers Relying Parties Registration Authorities (RAs) Critical Roles for Deployment and Sustainment 16

Certificate Authority CAs are trusted by users to create certificates and are responsible for issuing certificates, publishing certificates, and revoking certificates by placing them on Certificate Revocation Lists (CRLs) Roots or trust anchors Subordinate CAs Need to clarify which organizations that allocate IP addresses and AS numbers will act as CAs 17

Subscriber Generically, a subscriber is the entity whose name appears as the subject in a certificate and are expected to use the private key associated with the public key contained in the certificate in accordance with the requirements of the CP identified in the certificate Can refer both to ISPs, which can be subscribers of RIRs, NIRs/LIRs and other ISPs, and to organizations that are not ISPs, which are subscribers of ISPs in the networking sense of the term 18

ARIN Subscriber concept A subscriber is the entity who is expected to use the private key associated with the public key contained in the certificate and whose name may appear as the subject in a certificate. Subscribers ("certificate holders") can be organizations (CAs), infrastructure components and perhaps individuals May include devices at some point in the evolution of PKI usage Attestation relates to currency of resource rightof-use 19

Relying Parties Entities that need to validate claims of address space and/or AS number current holdings are relying parties. Thus, for example, entities that make use of address and AS number allocation certificates in support of improved routing security are relying parties. This includes ISPs, multi-homed organizations exchanging BGP traffic with ISPs, and subscribers who have received an allocation of address space from ISP A but want to authorize ISP B to originate routes to this space Repositories make use of certificates for access control checking for authorization to upload certificate, CRL, and ROA update packages, and thus they too act as relying parties 20

Registration Authorities RAs are officials recognized by the CA to ensure that the subscribers appropriately present the necessary credentials for registration into the PKI A Local Registration Authority (LRA) is an individual authorized by the RA to perform identity verification of human and component applicants, and to authorize issuance of certificates to human applicants 21

Critical Roles for Deployment and Sustainment These will never show up in a CP framework, but are absolutely critical to doing PKI right Applications Architect who understands the applications in use and their capabilities or limitations Systems Administrator // Operations Specialist who understands the business processes that will benefit from becoming Public-Key enabled as well as the operational environment 22

Experienced PKI technology assessor who can verify that PKI vendor capability claims match the needed capabilities of the enterprise PKI Subject matter expertise in network routing, firewalls, web architectures, mechanics of SSL, directory services and, if required by the policy, hardware cryptographic tokens These experts would work with the experienced PKI technology assessor to minimize cost and complexity in the design stages 23

PK-Enabling Applications Typically decentralized management of applications Resources for PK-enabling are on par with resources needed for maintaining system or upgrading hardware and software Enabling the applications and creating the certificates should occur in parallel PKE should constitute all aspects of accepting, verifying, utilizing and managing certificates and CRLs 24

Mechanisms Mechanisms Most common certificate format used to represent key and identity binding is X.509v3 certificate structure Originally based on ISO/ITU work for authenticating to and encrypting exchanges with Directory Services Significant implementation and operational enhancements defined through IETF PKIX working group Structure is typically profiled in the CP to represent usage, constraints and operational environment o Caveat don t build a profile unless you know what you want to achieve with the PKI and how you plan to support the elements in the profile! 25

X.509 Certificate Fields and Extensions Version Subject Key Identifier Freshest CRL Serial Number Key Usage Authority Info Access Issuer Signature Algorithm Extended Key Usage Subject Info Access Issuer Private Key Usage Validity Period Certificate Policies Validity Period Subject Alternative Name Policy Mappings Subject Name Issuer Alternative Policy Constraints Subject Public Key Info Subject Directory Attributes Inhibit anypolicy Issuer Unique Identifier Basic Constraints IPAddrBlock Subject Unique Identifier Name Constraints AS Identifier 26 Authority Key Identifier CRL Distribution Points Signature

Extension Details Extensions are either mandatory or optional and critical or non-critical Profile Authority and subject key id are hashes of the respective public keys Key Usage (critical) defines how key is to be used Basic Constraints (critical) identifies CA CRL DP provides location of CRLs Authority and subject Information Access identifies point of publication for all certificates issued by the issuers superior CA and location of information related to subject if it s a CA 27 o SIA not present if subject is NOT a CA Certificate Policies (critical) contains OID for Resource Certificate Policy

RFC 3779 Defines two X.509 v3 certificate extensions: first binds list of IP address blocks, or prefixes, to subject of certificate; second binds list of autonomous system identifiers to subject of certificate Extensions may be used to convey authorization of subject to use IP addresses and autonomous system identifiers contained in extensions Right-to-use for IP address prefix, being authorized to specify the AS that may originate advertisements of the prefix throughout the Internet For autonomous system identifier, being authorized to operate a network(s) that identifies itself to other network operators using that autonomous system 28 identifier

Draft Certificate Profile A Profile for X.509 PKIX Resource Certificates APNIC July 2006 Defines which extensions must be used Test criteria for RFC 3779 extensions need to be developed NIST PKI Test Suite covers almost every other known extension 29

30 Architecture and Transactional View Directory Synchronized Certificate and CRL data CA, CRL entries Root CA CA certificate mgmt transactions RA, Subscriber, CAs Global, Distributed Directory; Responder Services CRL data Certificate Management Transactions Relying Parties Registration Authorities Subscribers

PKI Revocation Architecture Certificate Revocation Lists (CRLs) are used to identify certificates that are (for any number of reasons) no longer valid Checking the CRL is essential element of certificate path validation to ensure certificates are still good Choice of mechanisms to convey revocation data and how the relying parties apply them are very dependent on applications, network, size of CRL and assurance required in PKI 31

Full CRL checking at client Most complex option; many client applications cannot perform necessary operations RFC 2560 On-line Certificate Status Protocol (OCSP) Responders Off-loads processing (yes/no) to OCSP service; client simply conveys certificate under assessment to the OCSP responder and waits for answer Enhancements under development in IETF draft for Server-based Certificate Validation Protocol (SCVP) 32

Relying Party Request Network Response (signed) OCSP Server Some consideration must be given to how the client handles the signed response, to avoid looping Infrastructure needs to feed CRLs to OCSP service not standardized 33

PKI Trust Extension Other RIRs are marching ahead with PKI deployments Variety of mechanisms available, but trust extension must meet business case and policy considerations Must be considered at beginning of policy and architecture planning stage in order to ensure interoperability with minimum perturbation as architecture deployment occurs Minimize cost and complexity both at relying party applications level and at operations level 34 o Are applications capable of building complex validation paths? o What does it take to map certificate policies for equivalencies?

Multiple Trust Anchors Root AfriNIC Root APNIC Root ARIN Root LACNIC (Root Store) Root RIPE/NCC Signing CAs 35 Subscribers

Common Rooted Hierarchy Common Root RIR CAs.. RIR Specific CAs.. Subscribers 36 Who will run the Root? Transition the root to Common Root from RIR-Specific Root Lack of flexibility of trust from RIR to RIR

Bilateral Cross Certification among Roots of Hierarchies AfriNIC.. APNIC ARIN.... LACNIC.. RIPE/NCC.. 37

Cross certification is not currently in APNIC plans Anticipate that RIRs may issue certificates for each other for the resources that were traded or moved into the receiving RIR region Common Certificate Policy required for equivalency in issuance assurance 38

Way Ahead for Constituency Think in Stages Start with Strategic view Evaluate the business needs and create a model based on CP structure Understand the architecture, technology, operational and support requirements and the impact to the existing business and applications context Don t forget to include interoperability with other PKI domains 39

Develop pre-deployment criteria Creating CP, training for operations and support elements, specifying the business processes that will be affected; acquiring hardware, software and services Limited initial deployment with selected participants Leverage prototype systems being developed in various RIRs (APNIC, RIPE NCC) to raise awareness, experiment with usability and acceptance of proposed architecture Full rollout throughout enterprise, plan for interoperability with other domains 40

Resources RFCs RFC 2560 Online Certificate Status Protocol o http://www.ietf.org/rfc/rfc2560.txt RFC 2725 Routing Policy System Security o http://www.ietf.org/rfc/rfc2725.txt?number=2725 RFC 3647 - Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Statement o http://www.ietf.org/rfc/rfc3647.txt?number=3647 RFC 3779 - X.509 Extensions for IP Addresses and AS Identifiers o http://www.ietf.org/rfc/rfc3779.txt?number=3779 41

Drafts A Profile for X.509 PKIX Resource Certificates 42 o www.ietf.org/internet-drafts/draft-ietf-sidr-res-certs-02.txt Server-Based Certificate Validation Protocol o www.ietf.org/internet-drafts/draft-ietf-pkix-scvp-27.txt NIST Key Management Guidelines Part 1: General o Csrc.nist.gov/publications/nistpubs/800-57/Sp800-57-Part1.pdf Part 2: Best Practices for Key Management Organizations o Csrc.nist.gov/publications/nistpubs/800-57/Sp800-57-Part2.pdf PKI Test Suites Csrc.nist.gov/pki/testing/xpaths.html

Questions? Additional requests for information? 43

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback