Understand PKI/CA in one article

1. Information Security

With the rapid development of new technologies and applications such as the digital economy, Internet finance, artificial intelligence, big data, and cloud computing, a series of new business and service models has emerged. Information security has become one of the most pressing issues that the information society must address.

1.1 Main forms of attack

Because information is usually stored, transmitted, and processed over open networks, it is exposed to attacks such as eavesdropping (interception), interruption, tampering, forgery, and replay. Among these, interception is a passive attack, while interruption, tampering, forgery, and replay are active attacks.

(1) Interruption : Interruption, also known as denial of service, refers to preventing or prohibiting the normal use or management of communication facilities; it is an attack on availability. This kind of attack generally takes one of two forms: either the attacker deletes all protocol data units passing through a certain connection, thereby suppressing all messages directed to a specific destination, or the attacker paralyzes or collapses the entire network, for example by flooding it with messages so that it is overloaded and can no longer work normally.

(2) Interception : Interception is unauthorized eavesdropping on or monitoring of transmitted messages in order to gain access to a resource; it is an attack on confidentiality. Attackers typically eavesdrop on the network by "tapping the wire" to obtain the content of the communication.

(3) Modification : Modification means altering the data flow: some part of a legitimate message is changed, the message is delayed, or the order of messages is changed, so as to generate an unauthorized message with a special purpose. It is an attack on the authenticity, integrity, and ordering of the protocol data units of a connection.

(4) Fabrication : Fabrication (forgery) refers to an illegitimate entity disguising itself as a legitimate one; it is an attack on the authenticity of identity. It is usually combined with other forms of active attack to achieve its effect. For example, the attacker replays a recorded legitimate connection initialization sequence, thereby gaining privileges that it does not itself have.

(5) Replay : Replay intercepts a data unit and retransmits it, generating an unauthorized message. In this attack, the attacker records a communication session and then replays the entire session or a portion of it at a later point.

1.2 Objectives of information security

Information security mainly ensures the security of the following five aspects:

(1) Confidentiality

Confidentiality refers to ensuring that information is not leaked to unauthorized users or entities, ensuring that stored information and transmitted information can only be obtained by authorized parties, and that unauthorized users cannot know the content of the information even if they obtain the information. Usually access control is used to prevent unauthorized users from obtaining confidential information, and encryption is used to prevent unauthorized users from obtaining information content.

(2) Integrity

Integrity refers to the property that information cannot be tampered with without authorization, ensuring the consistency of the information: that is, there should be no unauthorized tampering (insertion, modification, deletion, reordering, etc.), whether by humans or otherwise, during the generation, transmission, storage, and use of the information. Generally, access control is used to prevent tampering, and at the same time integrity is checked with a message digest algorithm.

(3) Authentication

Authenticity refers to ensuring that the source of a message, or the message itself, is correctly identified, and at the same time ensuring that this identification has not been forged, by means of **digital signatures, message authentication codes (MAC)** and other methods. Authentication is divided into message authentication and entity authentication.

  • Message authentication refers to the ability to assure the receiver that the message is indeed from the source it claims.
  • Entity authentication refers to ensuring that the two entities are credible when the connection is initiated, that is, each entity is indeed the entity they claim, and the third party cannot impersonate any of the two legal parties.

(4) Non-Repudiation

Non-repudiation refers to the ability to ensure that users cannot deny, after the fact, having generated, sent, or received information. It is a security requirement for the authenticity and consistency of information between all parties in a communication. To prevent the sender or the receiver from denying a transmitted message, it is required that neither the sender nor the receiver can deny the actions they performed. The non-repudiation service is provided through digital signatures.

  • When a message is sent, the receiver can verify that the message was indeed sent by the claimed sender; this is called source non-repudiation.
  • When a message is received, the sender can verify that the message was indeed delivered to the designated receiver; this is called destination (sink) non-repudiation.

(5) Availability

Availability refers to the ability to ensure that information resources can provide services at any time, that is, authorized users can access the required information in a timely manner as needed, and ensure that legitimate users are not illegally denied the use of information resources.

2. PKI

2.1 Basic concepts

Public Key Infrastructure (PKI) is based on public key cryptography and provides an infrastructure for security services. Its core purpose is to solve the trust problem in information networks and establish reliable digital identities. It is widely used in e-commerce, e-government, and other fields.

PKI technology is based on public key technology, uses digital certificates as its medium, combines symmetric and asymmetric encryption, and binds the identity information of individuals, organizations, and devices to their respective public keys. Keys and certificates establish a safe and trusted network operating environment for users, so that users can easily apply encryption and digital signature technologies in various application environments to ensure the confidentiality, integrity, authenticity, and non-repudiation of transmitted information.

2.2 Composition of PKI

A typical PKI system includes certification authority CA, certificate store, key backup and recovery system, certificate revocation and key update mechanism, PKI application interface system and other parts.

  • CA (Certificate Authority) : Also known as the certification authority, it is the core component and executive body of a PKI. It issues a digital certificate for each user's public key, proving that the user listed in the certificate legitimately owns the public key listed in it. The certification authority should also include a registration authority (RA, Registration Authority), which registers and approves certificate applications.

  • Certificate repository (directory service) : used to publish user certificates and certificate revocation lists (CRL, Certificate Revocation List), through which users can obtain certificates and public keys of other users.

  • Key backup and recovery system : Key backup and recovery are the main content of key management. For various reasons a user may lose the key needed to decrypt data, so that encrypted ciphertext can no longer be opened and legitimate data is lost. To avoid this situation, PKI provides a key backup and key recovery mechanism: when the user's certificate is generated, the encryption key is backed up and stored by the CA; when it needs to be restored, the user only needs to apply to the CA, and the CA completes the recovery automatically for the user. Note, however, that key backup and recovery must be carried out by a trusted organization. Moreover, backup and recovery apply only to the decryption key; the signing private key must not be backed up, so as to preserve its uniqueness.

  • Application Interface (API) : Provides applications with a safe, consistent, and trustworthy way to interact with the PKI, so that users can easily use security services such as encryption and digital signatures. It covers querying certificates and certificate revocation information, certificate path processing, and requesting time stamps for specific documents, thereby ensuring that the resulting network environment is safe and reliable and reducing management costs.

3. Digital certificate

3.1 Basic concepts

A digital certificate, also known as a public key certificate, is a document signed by an authoritative certification authority (CA) that contains a public key and the identity information of the holder of that public key. It helps users securely obtain the public key of the other party.

X.509 is a set of certificate standards defined by the ITU-T standardization department, which is widely used in many Internet protocols including TLS/SSL. The format is as follows:
The content of the digital certificate includes:

  • Version number: distinguishes the different versions of X.509.
  • Serial number: the unique numeric identifier assigned to each certificate by the CA.
  • Issuer (certification authority) ID: the X.500 name of the CA that issued the certificate.
  • Subject ID: the name of the certificate holder.
  • Subject public key information: the public key corresponding to the subject's private key.
  • Certificate validity period: the date from which the certificate is valid and the date on which it expires.
  • Key/certificate usage: describes the legitimate uses of the subject's public/private key pair.
  • Certification authority signature: a digital signature generated with the certification authority's private key.
  • Extensions: additional information about the certificate.

3.2 Certificate Generation and Verification

(1) Generation of certificate

During the certificate enrollment process:

  • The CA performs Hash on the file T containing information such as the public key of the certificate applicant entity and its identity, and generates a hash value H.
  • The CA encrypts the hash value H with its private key to generate a digital signature S.

The digital signature S and the file containing the public key of the certificate applicant entity and its identity form the digital certificate of the applicant entity.

(2) Verification of the certificate

The verifier obtains the digital certificate of the entity: the file T containing information such as the public key of the certificate applicant entity and its identity, and the digital signature S of the hash value of the file T by the CA.

  • The verifier decrypts the digital signature S with the public key of the CA, and obtains the hash value H.
  • At the same time, the verifier uses the Hash algorithm in the certificate to hash the file T to obtain H'.
  • The verifier compares whether H' is equal to H, and if it is equal, it means that the certificate is credible.

3.3 Certificate chain

In the application of PKI, the user's trust comes from the verification of the certificate, and this trust is based on the trust of the trusted third-party CA that issues the certificate itself.

X.509 stipulates that CAs are organized in a directory information tree (DIT). The highest-level CA is called the root CA (Root CA). To verify another user's certificate, a **certificate chain** is built from that certificate. Starting from the root certificate, trust is passed down layer by layer (A trusts B, B trusts C, and so on), so the holder of the end-entity certificate inherits this transferred trust and can use it to prove its identity.
Take Baidu's certificate as an example:
The tree structure shows that the certificate used by the baidu.com domain name was issued by GlobalSign RSA OV SSL CA 2018, whose own certificate was in turn issued by the GlobalSign root CA (Root CA). That root CA is trusted because it is found in the list of root certificates installed on the operating system.

3.4 Certificate Management

(1) Certificate Enrollment
(2) Certificate Revocation

A certificate is revoked when circumstances (a change in the certificate's information, etc.) require its validity to end before the certificate's expiry date, or require the user to be separated from the private key (for example, because the private key may have been leaked).

4. Timestamp service

Because the clock on a user's desktop is easy to change, a timestamp generated from that clock is unreliable, so a trusted third party is needed to provide a reliable and non-repudiable timestamp service.

A Time Stamp Authority (TSA) is an important part of a PKI. As a trusted third-party time authority, its main function is to provide reliable time information proving that a document (or a piece of information) existed at (or before) a certain time, so as to prevent users from falsifying data before or after that time for fraudulent purposes.

The time stamp service uses the Time Stamp Protocol (TSP) to obtain, from the TSA, evidence that data existed at a specific time.

TSA workflow:

  • (1) The client calculates the digital fingerprint of the selected file, usually by computing a hash.
  • (2) The client sends the hash value of the file to the TSA; the TSA appends the current time to the digital fingerprint, digitally signs this information with its private key, and thus generates a time stamp.
  • (3) The TSA returns the time stamp to the client for storage (the client must verify the validity of the time stamp), so that the time stamp is bound to the file as evidence that the file existed at that point in time.
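The three-step TSA workflow above as an added example (not code from the original article, and a simplified token format rather than the real TSP/RFC 3161 encoding): the client hashes its file, the TSA signs the digest together with its own clock value, and the client verifies the returned token against both the file and the TSA's public key. The TSA key, file contents and times are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"time"
)

// TimeStampToken is the simplified token the TSA returns: the client's digest,
// the TSA's time, and the TSA's signature over both.
type TimeStampToken struct {
	Digest    [32]byte
	UnixTime  int64
	Signature []byte
}

// TSA holds the authority's signing key; its public key is what clients trust.
type TSA struct{ priv ed25519.PrivateKey }

// NewTSA creates a constructed authority and returns its public key for clients.
func NewTSA() (*TSA, ed25519.PublicKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &TSA{priv}, pub
}

// signedBytes is the exact byte string the TSA signs: digest || big-endian unix time.
func signedBytes(digest [32]byte, t int64) []byte {
	buf := make([]byte, 8)
	binary.BigEndian.PutUint64(buf, uint64(t))
	return append(digest[:], buf...)
}

// Stamp is step (2): the TSA binds its current time to the digest and signs the pair.
// The TSA never sees the file itself, only its digest.
func (a *TSA) Stamp(digest [32]byte, now time.Time) TimeStampToken {
	t := now.Unix()
	return TimeStampToken{digest, t, ed25519.Sign(a.priv, signedBytes(digest, t))}
}

// VerifyToken is step (3): the client checks the token against the file it holds
// and the TSA's public key; any change to the file, the time or the signature fails.
func VerifyToken(tsaPub ed25519.PublicKey, file []byte, tok TimeStampToken) bool {
	return sha256.Sum256(file) == tok.Digest &&
		ed25519.Verify(tsaPub, signedBytes(tok.Digest, tok.UnixTime), tok.Signature)
}
```

Step (1) is the client-side sha256.Sum256 call; because the time is inside the signed bytes, neither the client nor anyone else can later move the stamp to a different time without the TSA's private key.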

Origin blog.csdn.net/apr15/article/details/128138120