A PKI should provide several types of services to the organization.
While more and more PKI-related services have been created in recent years, three core ones should be implemented in any case:
Authentication - Assurance to one entity that another entity is who the CN (common name) claims it to be
Integrity - Assurance to an entity that data has not been changed (intentionally or not) between two communication points.
Confidentiality - Assurance to an entity that no one can read a particular piece of data except the intended recipient.
Two flavors of authentication. First flavor
Entity identification: Identify the specific entity involved, independent of other activities (e.g. what the entity could do).
Used to produce a "yes" or "no" that enables other activities to follow (e.g. an ACL check for file access, or use of a symmetric key to decrypt a file)
Local authentication - normally involves the user directly (with a user ID, password, PIN, etc.)
Remote authentication - may or may not involve the user directly. In fact, remote authentication systems prefer not to involve the user directly, because:
- It avoids passing authentication materials (user ID / password) over an insecure network
- SSO might not be supported, so the user would have to re-authenticate over and over again, which is not good.
Use a "token" to indicate to the remote system that authentication has succeeded, instead of passing the authentication materials around (also called subsequent authentication).
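The token idea in practice, as an added example that is not part of the original notes: the user authenticates once locally (here against a constructed user table), receives a short-lived token, and the remote service checks only the token, so the user ID and password never cross the network again. The HMAC key shared between the login server and the remote service, the token format and the 5-minute lifetime are assumptions made for the example.

```python
"""Subsequent authentication with a token instead of re-sent credentials.

Added example, not from the original notes. The login server and the remote
service share TOKEN_KEY (assumption); the token carries the user ID and an
expiry time, protected by an HMAC so it cannot be altered or forged.
"""
import base64
import hashlib
import hmac
import secrets
import time

TOKEN_KEY = secrets.token_bytes(32)   # shared login-server / remote-service key (assumption)
TOKEN_LIFETIME = 300                  # seconds; assumption

# Constructed user record: sha256(salt || password). A real system uses a
# deliberately slow password hash (scrypt, bcrypt, Argon2) instead.
_SALT = b"constructed-salt"
USERS = {"richard": hashlib.sha256(_SALT + b"correct horse").digest()}


def local_login(uid, password):
    """Local authentication: check the password, then hand out a token."""
    stored = USERS.get(uid)
    candidate = hashlib.sha256(_SALT + password.encode()).digest()
    if stored is None or not hmac.compare_digest(stored, candidate):
        return None
    return issue_token(uid)


def issue_token(uid, now=None):
    """Token = urlsafe_b64(uid:expiry '.' hex(HMAC-SHA256(uid:expiry)))."""
    now = int(time.time()) if now is None else now
    payload = f"{uid}:{now + TOKEN_LIFETIME}".encode()
    tag = hmac.new(TOKEN_KEY, payload, hashlib.sha256).hexdigest().encode()
    return base64.urlsafe_b64encode(payload + b"." + tag).decode()


def verify_token(token, now=None):
    """Remote side: return the user ID if the token is genuine and unexpired, else None."""
    now = int(time.time()) if now is None else now
    try:
        payload, tag = base64.urlsafe_b64decode(token.encode()).rsplit(b".", 1)
        uid, expiry = payload.decode().split(":")
        expiry = int(expiry)
    except (ValueError, UnicodeDecodeError):
        return None
    expected = hmac.new(TOKEN_KEY, payload, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, tag):
        return None          # altered payload or token minted without the key
    if now > expiry:
        return None          # expired: the user must authenticate locally again
    return uid


if __name__ == "__main__":
    token = local_login("richard", "correct horse")
    print(token, verify_token(token))
```

The remote service never sees a password, so a captured token is only useful until it expires; the `compare_digest` calls avoid timing differences when comparing the stored hash and the tag.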
Single factor versus Multi-factor authentication
The four most common factors are:
Something you have (ATM card, a smart card, SecurID token)
Something you know (PIN, password, passcode)
Something you are (thumbprint, retinal scan)
Something you do (such as handwriting / signature)
Single-factor authentication uses one factor. Multi-factor authentication uses more than one factor.
Two-factor authentication is the most popular in the commercial world, e.g. a smart card (PIN + chip) or SecurID (tokencode + PIN).
This makes impersonation very difficult.
Second flavor
Data origin identification: Identify an entity as the source or origin of a given piece of data.
This is not identification in isolation. It is intended to statically and irrevocably bind the identified entity to some particular data, regardless of any subsequent activities in which the entity might engage later.
Provides support for non-repudiation.
PKI normally does not do the initial authentication. The user does not generate the private key on the fly; a user ID and password is the most common way.
Remote authentication would use PKI (to convey the authentication from the local to the remote system). PK technology is used to achieve the authentication using sophisticated challenge-response protocols and signed messages.
Remote Authentication
Traditional authentication
Richard needs to log on to Carmen.
The only way for Carmen to verify Richard is to compare something they have in common (in most cases, the user ID and password).
Richard sends his user ID and password to Carmen.
Carmen compares the user ID and password to what she stores, and authenticates Richard into the system.
(In this case, the user ID and password need to be sent over the network.)
PKI authentication
Carmen transmits a challenge (a random piece of text) to Richard.
Richard uses his private key to sign the challenge into a "signed challenge".
The signed challenge is transferred from Richard to Carmen.
Carmen uses Richard's public key to verify that the "signed challenge" is correct.
(No authentication material is sent over the network.)
(The main idea is that a user only needs to sign on to a local system to gain access to his/her private key, then use the signing method to authenticate to all the remote systems in the network.)
(It depends on one thing: a certificate with the public key must be available.)
Authentication can be done with a digital signature.
Digital signature is computed over the hash of one of the following:
Some data to be authenticated <- data origin authentication
Some request that the user intends to send to a remote device <- entity authentication
A random challenge issued by a remote device (the above case) <- entity authentication
Data integrity is the assurance of non-alteration.
Stored data or transmitted data must not be changed.
Parity bits and Cyclic Redundancy Codes (CRCs) can be used to detect some data integrity errors.
CRCs are good for detecting accidental bit errors, but deliberate manipulation of the whole data set cannot be prevented.
A PKI with signing capability can assure data integrity.
A digital signature provides not only authenticity but also integrity over the signed data.
If the data is changed, the digital signature will not verify.
A MAC (Message Authentication Code) such as HMAC-SHA1 (built on a cryptographic hash function) can also be used. These are symmetric-key methods, but the key can be distributed by the PKI.
This then becomes a key exchange method:
1. Generate a fresh symmetric key
2. Use the symmetric key to generate a MAC for the data
3. Encrypt the symmetric key for Richard using his encryption public key
4. Send the data to Richard along with the encrypted symmetric key
OR
1. Use Richard's public key in combination with Carmen's private key to generate a symmetric key
2. MAC the data using that symmetric key
3. Send the data to Richard along with her public key certificate
Richard then regenerates the symmetric key using Carmen's public key (from the certificate) and his own private key to verify the integrity of the data
Confidentiality is the assurance of data privacy.
Confidentiality must be employed for all sensitive data.
PK cryptography with key exchange can be employed.
Usage:
Carmen generates a symmetric key.
The symmetric key is used to encrypt the data.
The encrypted data is sent to Richard along with Carmen's public key (in a certificate), or with a copy of the symmetric key encrypted with Richard's encryption public key.
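An added example, not part of the original notes, covering both the second key-exchange variant of the integrity section (Carmen's private key combined with Richard's public key, which is Diffie-Hellman-style key agreement) and the confidentiality usage above (the agreed key encrypts the data, with Carmen's public value standing for her certificate). It is standard library only: the group modulus is a constructed toy rather than an RFC 7919 group or an elliptic curve, and the cipher is a SHA-256 counter-mode keystream standing in for AES-GCM. The names and the key-derivation labels are assumptions.

```python
"""Integrity (MAC) and confidentiality (encrypt-then-MAC) from a symmetric key
agreed through the parties' public/private key pairs.

Added example, not from the original notes. Toy parameters, standard library only.
"""
import hashlib
import hmac
import secrets

P = 2**255 - 19   # a prime, used here only as a toy modulus (constructed choice)
G = 2


def generate_keypair():
    """Long-term private exponent and the public value a certificate would carry."""
    private = secrets.randbelow(P - 2) + 1
    return private, pow(G, private, P)


def derive_keys(my_private, peer_public):
    """Shared secret -> separate encryption and MAC keys; both sides get the same pair."""
    shared = pow(peer_public, my_private, P).to_bytes(32, "big")
    return (hashlib.sha256(b"enc|" + shared).digest(),
            hashlib.sha256(b"mac|" + shared).digest())


def mac_tag(mac_key, data):
    return hmac.new(mac_key, data, hashlib.sha256).digest()


# --- integrity only: Carmen MACs the data, Richard rebuilds the key and checks ---
def carmen_mac(carmen_private, richard_public, data):
    _, mac_key = derive_keys(carmen_private, richard_public)
    return mac_tag(mac_key, data)


def richard_check(richard_private, carmen_public, data, tag):
    _, mac_key = derive_keys(richard_private, carmen_public)
    return hmac.compare_digest(mac_tag(mac_key, data), tag)


# --- confidentiality + integrity: encrypt, then MAC nonce and ciphertext ---
def _keystream_xor(key, nonce, data):
    """Toy stream cipher: XOR with SHA-256(key || nonce || counter) blocks."""
    out = bytearray()
    for counter, start in enumerate(range(0, len(data), 32)):
        block = hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[start:start + 32], block))
    return bytes(out)


def carmen_protect(carmen_private, richard_public, plaintext):
    enc_key, mac_key = derive_keys(carmen_private, richard_public)
    nonce = secrets.token_bytes(16)          # never reuse a nonce with the same key
    ciphertext = _keystream_xor(enc_key, nonce, plaintext)
    return nonce, ciphertext, mac_tag(mac_key, nonce + ciphertext)


def richard_unprotect(richard_private, carmen_public, nonce, ciphertext, tag):
    enc_key, mac_key = derive_keys(richard_private, carmen_public)
    if not hmac.compare_digest(mac_tag(mac_key, nonce + ciphertext), tag):
        return None                          # tampered, or not from Carmen: do not decrypt
    return _keystream_xor(enc_key, nonce, ciphertext)


if __name__ == "__main__":
    c_priv, c_pub = generate_keypair()
    r_priv, r_pub = generate_keypair()
    nonce, ct, tag = carmen_protect(c_priv, r_pub, b"constructed secret message")
    print(richard_unprotect(r_priv, c_pub, nonce, ct, tag))
```

Richard checks the tag before decrypting, so a modified ciphertext or a message built with someone else's key pair is rejected without ever being decrypted; the MAC-only functions are the integrity variant from the notes on their own.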