Design Issues in a Public Key Infrastructure (PKI)

Douglas P. Barton, Anthony S. Moran & Luke O'Connor
Queensland University of Technology,
DSTC Pty Ltd,
Email: dbarton@dascom.com
amoran@dascom.com
oco@zurich.ibm.com

Abstract

Computer security is a vitally important consideration in modern systems. Until recently, typically only the military and banking areas have had detailed security systems. However, with advances in technology and new paradigms, security is becoming a more widely considered concern, particularly with the massively growing interest in e-commerce.

System security is a broad term which covers all areas of security within information technology, from physical security, such as locks on doors, through to software to perform cryptographic functions (Ford). This paper will concentrate on a small but interesting area of software security based on public key cryptographic technology.

1 Cryptography and Public Key Technology

Cryptography is the enciphering of data using some well-known function to ensure the privacy of that data. Typically cryptographic functions require 'keys' which are used to 'encrypt' and 'decrypt' the data and are known only by trusted entities. There are two commonly known flavours of key-based cryptography, known as symmetric key and asymmetric key. As the names suggest, symmetric key cryptography uses the same key to encrypt and decrypt data while asymmetric key cryptography uses two keys which are mutual inverses (one decrypts the other's encryption). Asymmetric cryptography is known as 'public key' cryptography because one half of the key pair can be published without compromising the overall security of the system (Rivest).

Public key technology is seen by many to be both more cryptographically secure than symmetric key techniques and more easily scalable. Several reasons exist in support of these beliefs:

public keys can be more easily published without compromising the security of the private key or the overall system;
keys maintain at least an implicit identity by association of particular key pairs with specific entities; and
unlike the majority of symmetric key cryptography systems, key lengths are not fixed and may be increased for added cryptographic strength (security).

Public key technology does however suffer from similar problems to those experienced by symmetric key systems such as Kerberos, Sesame and standard Unix login security. The most obvious problem is that of key management where keys must be generated and passed around throughout the system. The problem is somewhat different between symmetric systems and public key systems. Key negotiation is required in symmetric systems so that the secrecy of keys is maintained whilst in public key systems, broadcast of public keys and establishing trust in the public key is the main requirement. Symmetric key systems use trusted third parties, sometimes called Key Distribution Centres (as in Kerberos), to manage this process and an analogous technique can be used in public key systems.

Public keys may be maintained in a database with associated subject identity and other information; each record is known as a certificate. Certificates however, do not by themselves enhance the trust in the system as a trusted third party is still required to create the certificates and prove trust. The trusted third party is known as the Certification Authority (CA) and it enables trust using a public key technique known as digital signatures (see Figure 2).

Digital signatures are a technique which uses an entity's private key to encrypt a message digest (checksum or message hash) calculated on a message. This enables other entities to verify the signature by decrypting the signature using the signing entity's public key and comparing with a message digest calculated on the message locally. Digital signatures prove integrity of the message and authenticity if the public key can be trusted to be authentic.

Since the CA's public key must be well-known by all clients, and since it is a cryptographically strong ('hard to guess') key, the CA can provide trust within the system by signing all certificates it issues. As long as the signing CA's public key for any certificate is known and trusted, the certificate can be trusted and used as proof of a binding between a client and a particular public key.

The key management problem is now apparent. How are certificates passed around a public key system and how is the CA's public key, which is used to verify certificates, broadcast/published securely? These problems can be resolved by the provision of a Public Key Infrastructure (PKI) which supports certification and broadcast of certificates using a simple architecture. It is a desirable feature of this PKI architecture that it be easily scalable to enable support for very large network environments such as the Internet.

2 The DSTC PKI

We have been involved in design and implementation of a PKI which we are basing on existing standard and outputs from relevant Internet working groups, such as the Internet Engineering Task Force PKIX Working Group. Version 1.0 of the DSTC PKI has been completed and the Version 2.0 design and implementation phase is proceeding.

The basic architecture of the DSTC PKI follows the client-server paradigm with 3 main servers: the Certification Authority (CA), Certification Server (CS) and Certificate Revocation Server (CRS) (see Figure 1). These main servers form the basis of the PKI structure conceptually known as a domain. The CA is the only server residing within the Trusted Computing Base (the highly secure core machines and servers) of the domain. The interdomain interface is provided to clients and the other PKI servers by the CS, which communicates with other domain CSs to request or send interdomain information.

Version 1.0 of the DSTC PKI is based on X.509 version 3 certificates and recommendations implemented on top of OSF's Distributed Computing Environment (DCE). However, ASN.1 support has not been included, which limits the interoperability of this prototype with other X.509 implementations. ASN.1 support is planned for PKI version 2.0 which will enable a full implementation of the X.509 version 3 standard and increased interoperability.

DCE is used within the PKI for basic type and transport encoding. It also provides the facility of authenticated RPC which enables on-line certification. We plan to add support for TCP/IP communications in Version 2.0 which will increase the user base for the prototype, but will force off-line certification. Off-line certification is however, a much more secure method of establishing identity, and more suitable in the PKI milieu than assuming authentication by DCE.

Version 1.0 of the DSTC PKI has rudimentary support for interdomain services such as certificate and certificate revocation list (CRL) retrieval as well as cross-certification of domains. Subsequent development for Version 2.0 will include extending trust routing strategies and investigation of caching and revocation strategies for interdomain operation.

Figure 1: Digital signatures

On top of the architectural details, a client Application Program Interface (API) is provided, with C bindings, for development of applications which may want to utilise the PKI and PK cryptography for security services. A full spectrum of API calls is made available to applications enabling certificate management and manipulation, public key cryptography calls (encrypt, decrypt, sign, verify, etc.) and well as routines to interface with the main servers.

The DSTC PKI project began in early 1996 and is expected to progress to Version 2.0 before the end of 1996. At the time of writing, it is stable at a 2.5 person project. It is intended that the outcome of the project will be used as a research platform for investigation of open research issues with the possibility of commercial development and release.

3 PKI Design Issues

There are a wide variety of issues presented when designing and implementing PKI, ranging from common issues encountered in all areas such as language choice and design methodology through to specifics such as interdomain hierarchy structures and revocation techniques. In this section, we will consider what we feel to be the difficult questions which are treated in little or no depth by existing documentation and yet which present the greatest impact on design and implementation of PKIs. Firstly, we will outline the existing standards documents and bodies working in the public key arena and will follow this with discussion of the difficult issues.

3.1 Standards and Crypto

Public key authentication technology cannot be discussed without mention of the X.509 standard OSI. The OSI 'Directory' standard specifies, in extensive detail using Abstract Syntax Notation (ASN.1), data structures, protocol exchanges and other important information for the implementation of the X.509 directory services. The X.509 standard has gone through several cycles of revision and is now up to Version 3, major changes affecting the proposed certificate structure.

There are a number of working groups on the Internet which are primarily concerned with public key technology and infrastructure. The most notable of these is the PKIX Working Group (Housley et al.). Recently, OSF published an architecture specification for PKI which details a basic PKI framework and considerations (Anderson et al.).

Due to the likelihood of public key uptake in electronic commerce systems of the future, there is significant interest in the legal issues involved. Various countries have developed or are developing frameworks, including legal specifications, for the use and regulation of public key technology. Australia, for instance, recently published a document called The Australian PK Authentication Framework (PKAF) and a corresponding request for comments. This document discusses the legal ramifications of various uses of public keys such as non-repudiation and digital signatures.

On the technology side of the public key arena, there are a number of major players. The cryptographic techniques are patented and copyrighted by a United States company called RSA (Rivest et al.). RSA-based public key cryptography is the most common, but there are other similar public key techniques based on similar concepts such as El Gamal. Pretty Good Privacy (PGP) by Phil Zimmerman, based on RSA techniques, is one of the most widely used of these public key technologies (Zimmerman). PGP is quickly growing in acceptance on the Internet, largely because it is freely available and runs on many platforms including PCs. A variety of message digest technologies are available, again the most common techniques, such as MD5, are produced by RSA (Rivest).

3.2 PKI Structure

The basic structure of any PKI requires at least 2 functional blocks. Firstly, certificates must be created and destroyed (revoked) somewhere within the system and secondly, certificates must be stored and made available to clients. The Certification Authority (CA) provides all the required services of the former, and the Certificate Server (CS) the latter.

Figure 2: PKI basic functional units

Since trust in a PKI system resides within the certificates themselves, the CA must be a trusted entity, but no such requirement need be placed on the CS. The CA must reside within the trusted computing base of the installation and be maintained by a trusted administrator. Two interfaces to the CA are provided to clients: one to create certificates and one to revoke certificates. The CA has no other interfaces to external clients. Certificates and Certificate Revocation Lists (CRLs) are registered with the CS by the CA.

The CS receives Certificates and CRLs from the CA and stores these items in the corresponding database. The CS provides several other interfaces to clients within the local domain as well as an interdomain interface. Clients may contact the CS, requesting certificates by subject name or serial number; they may also request CRLs from the CRS interface. Interdomain clients may access the same facilities through the local CS. The CS may reside anywhere within the installation and need not be trusted as it merely stores certificates in which the trust is inherent.

The provision of services from separate server entities facilitates the partitioning of the larger network into localised domains. Smaller domains enable local security management and reduce the administration overhead to achievable levels. Each domain would maintain its own internal PKI structure of CA and CS/CRS servers and certified clients. Interdomain trust however, becomes somewhat more difficult to resolve. In order for two clients to establish trust, each must be able to retrieve and verify the other's certificate. This process follows the outline:

obtain the public key for the CA which certified the other client;
if clients are from different domains then the CAs of each domain must be certified within the local domain, or some path of CA/domain certification must exist between the client domains, a process known as cross-certification;
each client must then obtain the certificate of the other client, and can check its validity using the public key of the issuing CA obtained in the previous step; and
once valid certificates have been shared, the public keys within the certificate may be used for secure exchange of information such as session keys and other encrypted data.

3.2.1 PKI Functional Blocks

The DSTC PKI extends the fundamental PKI structure with the addition of two extra functional blocks, the Certificate Revocation Server CRS and the client block Application Programme Interface (API) (see Figure 1). Each of these blocks interacts with one or more of the other blocks (and itself in the case of the client block) to achieve successful PKI operation.

The CA is the trusted third party within the system by which all trust is propagated. It is a highly trusted and secured piece of software and must reside within the trusted computing base of the installation to maintain the trust in the local PKI domain and overall PKI hierarchy (see below for discussion of hierarchies). The CA certifies clients within the domain, proving in a trustable manner that the holder of the private key matching the certificate is indeed who they claim to be. This can be achieved in a variety of ways:

The primary process of certification is off-line, requiring an entity to physically consult the security administrator and apply for a certificate. The process is somewhat akin to applying for a passport, driver's license or credit card. Clients desiring certification must provide proof to the security administrator which uniquely and incontrovertibly proves the client's identity.
An alternative process, and one which is more open to attack and compromise, is on-line certification. A client interface is provided by which the client forms a certificate request containing all the required information. The interface passes the request to the security administrator for actioning. The client interface must ensure the authenticity of the client, which is often very difficult and the main reason why off-line certification is generally held to be more secure.

The CS and CRS are servers which interface the clients with the back-end certificate and revocation list databases (which could be as simple as files). These servers are quite simple and need not be trusted, as all trust resides within the certificates or CRLs by the CA signature. Clients make requests of these servers and verify the return data using the CA public key, which must be a well-known and widely published datum and which may be retrieved with high assurance of authenticity. Because of the similar nature of the CS and CRS these servers may execute as a single entity, running separate threads for the two different roles.

Clients are provided with an API which may be used within applications to interface with a variety of PKI services and public key functions. Certificate and CRL manipulation as well as public and symmetric key cryptographic functions are provided within the API.

3.3 Interdomain

As we have discussed previously, the PKI provides the facility to partition the world into localised security domains. Domains are typically localised within organisation boundaries, encompassing the trust region of that organisation only. Domains may contain from one to many hosts and many clients, though the purpose of domains is to localise a manageable number of clients and machines within the scope of a security administrator.

The simplest PKI system is comprised of only a single domain within which all entities exist. This simplifies certificate validation issues such as locating the CA public key, but cannot be used in the real world as the sheer size of the domain would be unmanageable and very few, if any, entities are willing to share trust in a single CA. Each organisation has its own unique set of trust requirements which can easily be localised within its own domain, but not in a single super-domain.

Splitting the world into domains alleviates some problems, but creates others. How does one domain establish trust with other domains? How does a large collection of domains interwork? How are certificates passed around between domains and how are they verified? These problems can be resolved by addressing the routing problem inherent in all these questions; a domain needs to be able to establish trust, via cross-certification, with other domains. Each domain may opt to use its own ad hoc routing method or a global hierarchy can be established within which every domain resides, cross-certified with at least one other domain (see Figure 3).

3.3.1 Certificate Retrieval

Certificate retrieval is an important issue in PKI systems as verification of certificates requires public key decryption which can be a potentially high-cost operation. It is therefore desirable to optimise the certificate retrieval process to reduce waiting times and overheads.

Retrieval of a certificate from within the local domain is a straightforward operation. The client contacts the CS, outlining the details, either subject name or serial number, of the desired certificate. The CS checks the request; if valid, it searches the certificate database and returns the certificate, if found. The client must then verify the certificate for authenticity using the CA's public key to verify the digital signature on the certificate. This is the expensive operation, decrypting the signature using the public key.

A subsequent check on a certificate with a valid signature is to check whether it has been revoked. The client must contact the CRS, requesting a copy of the latest CRL. Once it receives a copy of the CRL the client must verify the signature on the CRL using the CA's public key. If the CRL is valid then the client searches for the certificate serial number in the CRL. If the serial number is found, then the certificate has been revoked and may only be usable for decrypting data encrypted (or verifying data signed) by the certificate owner before the certificate was revoked.

Figure 3: PKI domain hierarchy and cross certification

3.3.2 Certificate Chains and Trust

The case of interdomain certificate (and CRL) retrieval is more complicated and depends heavily on the domain interconnection strategy adopted within the PKI. To retrieve a certificate from a remote domain requires that the CAs of the local and remote domains are cross-certified (see Cross Certification below) or there is a path of cross-certified domains linking the local and remote domain's CAs.

Retrieving a certificate from a remote domain yields a chain of certificates corresponding to the path of cross-certification of CAs/domains through the hierarchy and the desired certificate. Validating the certificate chain requires that each certificate's digital signature is verified with the issuing CA's public key. This process begins with the first certificate in the chain, which is generated by the local CA, yielding the public key of the issuing CA of the next certificate in the chain. The process continues, validating certificates in the chain using previous certificates in the chain until the final certificate can be verified. If the certificate chain is 10 certificates long then 10 digital signatures need to be verified, and possibly 10 CRLs retrieved and verified, totalling up to 20 digital signature verifications and quite a delay.

It is obvious from this example, that certificate chains need to be kept as short as possible to ensure timely retrieval. This hinges upon a domain hierarchy which optimises the hop distance between domains.

3.3.3 Cross-Certification

Cross-certification performs two essential operations within the PKI domain hierarchy (see Figure 3). Firstly, it propagates trust between domains enabling interdomain communications secured using PKI services. Secondly, it enables short-cuts through the domain hierarchy, speeding up certificate retrieval between any two domains by reducing hop-distance between the two domains through the hierarchy to a single hop. Cross-certification has the side-effect of shortening of the hop-distance between two domains which are not cross-certified if intermediate domains in the path are cross-certified in such a way as to provide a more direct path through the hierarchy.

Trust is the primary factor and it must be maintained to ensure the integrity of each domain. Cross-certification occurs in much the same manner as client certification, except that there must be higher assurance of authenticity of each party. Typically, security administrators of each domain must meet, agree on policies and other details, then exchange CA public keys for certificate creation.

3.4 Revocation

Once created, a certificate remains valid for the duration between its inception/creation and expiry times. However, there are reasonably foreseeable situations in which the certificate may be compromised either through owner carelessness, system compromise or mandatory retirement of the certificate. In these circumstances, a facility is required to enable cancellation of certificates. This process is known as revocation.

3.4.1 Online

Revocation is a process, like certification, which requires a minimum amount of authentication and authorisation. Only the owner of the certificate or the administrator of the CA should have the authorisation to revoke a certificate. Digital signatures can be used to determine whether a revocation request should succeed.

As with certification, revocation may occur on-line or off-line; however, unlike certification, either method can be trusted. Clients requesting revocation of their own certificate must digitally sign the request which contains the certificate. Since revocation requires generation of a CRL signed by the CA, the CA is the revocation agent to which all revocation requests are sent. The CA can verify the revocation request and also the certificate within the request. If both are valid then the certificate details are added to the most recent CRL and the CRL is signed by the CA and issued to the CRS.

In the process of administering the local domain, the administrator may find reason to revoke a certificate. This may be due to suspicion of compromise by disclosure or attack, certificate expiration, or possibly that the client owning the certificate has left the company. In such situations, the administrator must have the authority to revoke certificates.

3.4.2 Revocation Lists and Deltas

Revocation information must be publicly available exactly as for certificates. This information is typically represented as a list, signed by the CA, each entry detailing a revoked certificate. Information contained in each list entry includes: certificate serial number, revoker identity, time and date of revocation and reason for revocation. This list is known as a Certificate Revocation List (CRL), is issued by the CA and is made available to clients via the CRS.

The CRL is maintained by the CA and, as each revocation occurs, an entry is added to the list. As the CA's domain ages, the CRL grows, listing all revoked certificates. It is obvious that, as time goes by, the CRL may become quite large especially in a domain with a large client base and high turnover of certificates. As a mechanism, CRLs are the most obvious solution to the problem of storing and relaying revocation information; however, obesity of CRLs needs to be addressed.

Delta CRLs have been proposed as a solution to the CRL problem. In this idea, CRLs are issued over short timeframes, with each CRL adding to the revocation database comprised of all previous CRLs. Hence, each CRL issued is effectively a delta or update of previous revocation information. Delta CRLs have achieved some popularity in the PKI world; however, there are substantial arguments against their use:

When retrieving revocation information for a particular certificate, it is impossible to guess whether it has already been revoked and when that revocation might have occurred. Delta CRLs are issued as updates over the last (short) period of time and hence are indexed on time of issue. In order to make use of delta CRLs, a search mechanism would be required so that clients could be provided with the appropriate revocation information. This increases the workload of the CRS and goes against the design philosophy of moving work to the client side wherever possible.
Delta CRLs are also open to man-in-the-middle attacks. It is not clear what data should be returned to the client when there is no revocation information regarding the certificate being verified. What is returned must not be open to replay and must prove that the certificate is valid and not currently revoked. In the case of CRLs, this is simple because the whole CRL is provided and revocation status is determined by existence of a matching revocation entry. However, delta CRLs are partial lists and non-existence on the list is not proof that the certificate is not revoked.

3.4.3 Revocation Notices

An extension which we propose is that of Certificate Revocation Notices (CRNs). In this proposal, revocation information is added to certificates when they are revoked. The certificate is re-signed and updated within the certificate database. It becomes a simple matter then for clients to verify a certificate by checking for revocation information in the certificate extensions.

CRNs are, however, not a problem for all the troubles of revocation. Under this proposal, certificates could not be cached by clients or within domain CSs because, while cached, they may be revoked. This means increased load on certificate retrieval, but reduced load on CRL retrieval, and implementation would depend on the trade-off between these two loads. Of course, fetching and verifying a certificate would require only the single network operation and a local check for the revocation notice within the certificate.

3.5 Policy

Policy is a generic problem within the area of information security. It is the specification of local requirements and processes for specified levels of trusted operation. Policy applies to the PKI because a variety of algorithms, key lengths, certificate structures and extension fields are available for use.

3.5.1 PCAs

The PKAF specifies the use of Policy CAs (PCAs) which provide policy defaults for CAs lower down in the PKAF hierarchy. The PCAs are servers which respond to policy queries, providing trusted default policy information to subordinate CAs and clients.

3.5.2 Domain Policy

PKI domains divide the wider network into localised security domains under the control of local authorities and within which the same local policy holds. Typically, an organisation would maintain its own domain or may locate each department within its own domain in a subordinate hierarchy, and the organisation will enforce its own particular policies within its domain(s).

As domains fit into a larger hierarchy, so too does policy. Default policy would flow through the 'root' of the hierarchy down into subordinate domains - from parent domain to child domain. Policy specified locally within a domain would override any policy default inherited from higher in the domain hierarchy and, where no local policy exists, inherited policy would be used.

3.5.3 Policy Negotiation

Policy, being typically specific to domains, is not likely to be identical between entities from different domains wishing to communicate. An integral role of policy is to specify local details in a manner which enables negotiation of the default characteristics which entities must use to communicate across the arranged channel.

If the negotiation process cannot be resolved, in instances where policies are mutually exclusive, then the options of an unsecured connection or termination of the session should be provided.

4 Conclusion

DSTC has designed and implemented (to v1.0) a PKI based on X.509 and PKIX standards documents which supports interdomain scalablity, full revocation and version 3 X.509 certificate format.

This design and implementation identified a number of outstanding and quite difficult issues which impact upon both the design and implementation of an infrastructure for public key technology. Interdomain hierarchy, certificate retrieval and trust are problems which, although theoretically solved, remain to be proven in practice. We hope to use the DSTC PKI model to answer these questions from an operational perspective.

The proposed structure of CA, CS and CRS, where the CA is the trusted third party, maintains a very localised trusted computing base and minimises the risk of compromise. Off-line certification and secured communications channels also add to the security of the servers within the domain unit. Interdomain security is maintained through limited access via the CS and cross-certification between the CAs of trusting domains.

Policy remains an unresolved problem. Two main problems exist: how policy is managed within the PKI (including policy propagation and inheritance) and how policy is specified. The former has a variety of proposed solutions such as local domain-based policy or policy CAs which specify default policy within the PKI hierarchy. The latter is a question of what language is satisfactory for specifying policy. Subsequently, this begs the question of what aspects of the PKI can and should be specified by policy and what policy choices different types of organisations might wish to specify.

Bibliography

1: Standards Australia (1996) Strategies for the implementation of a public key authentication framework in Australia, Draft, April.
2: Housley, R., Ford, W. & Solo, D. (1996) Internet Public Key Infrastructure, PKIX Working Group.
3: Rivest, R. L., Shamir, A. & Adelman, L. (1978) A method for obtaining digital signatures and public-key crypto-systems, Communications of the ACM, 21(2):120-126.
4: RSA Laboratories (1993) PKCS: RSA Encryption Standard, Version 1.5, Technical Note
5: Rivest, R. L. (1992) The MD5 message digest algorithm, Internet Activities Board, Internet Privacy Task Force, RFC 1321.
6: Open Systems Connection (nd) Information Technology - Open Systems Interconnection - The Directory, Open Systems Interconnection, ISO/IEC 9594-9.
7: Ford, W. (1994) Computer Communications Security, Prentice Hall, Eaglewood Cliffs, New Jersey.
8: Anderson, A., Blakely, B. & Blauner, C. (1996) Architecture for Public-Key Infrastructure, APKI Working Group.
9: Zimmerman, P. R. (1995) The Official PGP User's Guide, MIT Press, Boston.

Return to Conference Proceedings