Information Security - Key Management

        According to the perspective of modern cryptography, the security of the key system should only depend on the security of the key, not on the confidentiality of the cryptographic algorithm. Therefore key management is crucial.

Technically speaking, key management includes a series of technical issues such as the generation, storage, distribution, organization, use, replacement and destruction of keys. Each key has its life cycle, and key management is to manage each stage of the entire life cycle. Different key systems have different management methods. Key management is an important part of data encryption technology, and its purpose is to ensure the security (authenticity and validity) of keys. A good key management system should do the following:

  • (1) Keys are difficult to steal.
  • (2) A stolen key is of limited use, because each key is restricted in its scope of use and in time.
  • (3) Key distribution and replacement are transparent to users, who do not necessarily have to handle keys personally.

        In addition, it should be noted that the key management of symmetric cryptography and the key management of asymmetric cryptography are completely different.

1. Key management of symmetric cryptosystem

        In a symmetric cryptosystem the encryption key is the same as the decryption key, so the confidentiality, authenticity and integrity of the key must all be protected at the same time. This makes key management complex. For large network systems, key management is particularly difficult because of the large number and variety of keys required. The promulgation and wide adoption of DES prompted the study of key management theory and technology for traditional (symmetric) ciphers, which led ANSI to publish the ANSI X9.17 guide.

1.1. Key classification

        Keys are divided into primary keys, secondary keys and master keys. ANSI X9.17 supports this three-level key organization.

1.1.1. Primary key

        The primary key is the key actually used to encrypt and decrypt data, and its name varies with its scope of use. For example, the primary key used for communication security is called a primary communication key, the one used for file security is called a primary file key, and the one used for securing a communication session is called a primary session key.

        The primary key can be generated by the system through hardware or software at the request of the entity, or it can be provided by the user himself. In principle, the primary communication key and primary session key adopt the "one-time pad" method in which one key is used only once. In other words, the primary communication key and primary session key only exist when data is exchanged between two application entities, and their life cycle is very short. A primary file key has as long a lifetime as the file it protects.

        The primary key cannot be stored in clear text in the system and must be encrypted and stored with a higher-level key.

1.1.2. Secondary key

        The secondary key is used to protect the primary key. When the secondary key is used to protect the primary communication key, it is called a secondary communication key, and when it is used to protect the primary file key, it is called a secondary file key.

        Secondary keys can be generated by the system itself at the request of a full-time key installer, or they can be provided by a full-time key installer. The life cycle of secondary keys is generally longer. Likewise, secondary keys cannot be stored in the system in clear text and must be protected by higher-level keys.

1.1.3. Master key

        The master key is the highest-level key in the key management scheme and is used to protect secondary keys.

        The master key is randomly generated by key personnel and properly installed. Master keys have a long lifespan.

1.2. Key generation

        The security of the algorithm depends on the key. If a weak key generation method is used, the entire system is weak: an attacker who can break the key generation algorithm has no need to attack the encryption algorithm itself.

        Good keys are random binary numbers generated by automated processing equipment. If the key is 64 bits long, every possible 64-bit key must be generated with equal probability. These keys are generated either from a reliable source of randomness (such as a coin toss or a noise generator) or from a secure pseudo-random bit generator. At the same time, good encryption algorithms and key management procedures are required.

        Many encryption algorithms have weak keys. For example, DES has 16 weak keys among its 2^56 possible keys.

        For public key cryptography, generating keys is more difficult because the keys must satisfy certain mathematical properties (primality, quadratic residuosity, etc.), and from a key management point of view the random seed of the key generator must itself be truly random.

        A basic requirement for a key is good randomness, which mainly means a long period, nonlinearity, equal probability in the statistical sense, and unpredictability. A truly random sequence is non-reproducible and cannot be regenerated by anyone. Efficiently generating high-quality true random sequences is not an easy task, so in practice different kinds of random sequences are used for different situations. For example, a high-quality true random sequence should be used for the master key, whereas for the primary key a true random sequence is not necessary and a sufficiently strong pseudo-random sequence suffices.

1.2.1. Generation of master key

        The master key is the highest level key in the cryptosystem. It is used to protect other keys and has a long life cycle, so its generation must be done with great care.

        The master key should be a high-quality true random sequence. True random numbers should be extracted from random phenomena in nature. The general principle is to process random analog signals in nature properly and then digitize them. Theoretically, the selection of random sources has a certain degree of freedom, and different random sources can be selected according to different applications. But not many are suitable for use as keys, and the random sequences generated by some natural random phenomena are not good. Therefore, a combination of true randomness and pseudo-randomness is sometimes used to generate high-quality random numbers as the master key.

        True random numbers are often generated using physical noise sources, chiefly mechanical noise sources and electronic noise sources. Mechanical noise sources use the randomness of coin and dice tosses to generate keys, but their efficiency is low and they are rarely used. Key generation based on electronic noise sources is the most important key generation technology at present. For example, the thermal noise of a noise device (a MOS transistor, Zener diode, resistor, etc.) is amplified, filtered, sampled and quantized electronically to produce a random key, and the whole circuit is packaged as a random number generator chip.

1.2.2. Generation of secondary key

        A truly random secondary key can be generated in the same way as the master key. In particular, it is convenient to use a true random number generator chip to generate a secondary key.

        It is also possible to generate a secondary key from the master key using a strong cryptographic algorithm, since a strong cryptographic algorithm can serve as a random number generator with good randomness.

1.2.3. Primary key generation

        For security and simplicity, a random number is usually treated as the primary key in encrypted form under a higher-level key (master key or secondary key). Decrypting the random number with that higher-level key then yields the primary key.

1.3. Key storage and backup

        The secure storage of keys is a very important part of key management, and also a relatively difficult one.

        The so-called secure storage of keys is to ensure the confidentiality, authenticity and integrity of the keys in the storage state. Safe and reliable storage media are the material conditions for safe key storage, and secure and tight access control mechanisms are the management conditions for safe key storage. Only when these two conditions are met at the same time can the secure storage of keys be ensured.

        The principle of secure key storage is not to allow the key to appear outside the key management device in plain text.

        To further ensure the security of keys and encrypted data, it is necessary to back up the keys. The purpose is that once the key is destroyed, the backup key can be used to restore the original key or encrypted data to avoid losses. Key backup is essentially a kind of storage.

        There are three storage forms of the key: plaintext form, ciphertext form, and component form.

  • Plain text form means that the key is stored in plain text form.
  • The ciphertext form means that the key is encrypted and stored.
  • Component form means that the key is stored as a set of components. A key component is not the key itself but one of the parameters from which the key is generated. The real key can only be produced by the joint action of all key components, and from one or some of the components the remaining components cannot be computed. "Secret splitting" is an important method for storing keys in component form.

1.3.1. Key storage

        Different levels of keys should adopt different storage forms, and different forms of keys should adopt different storage methods.

1) Storage of master key

        The master key is the highest level key and is mainly used to protect secondary keys and primary keys. The master key has the highest security requirements and a long life cycle, so it needs to be stored in the most secure method.

        Since the master key is the highest level, there is no higher key to encrypt it with, so it can only be stored in clear text. This requires that the storage be highly secure, both physically and logically. The master key is therefore usually stored in a dedicated cryptographic device.

2) Storage of secondary keys

        Secondary keys can be stored in clear text or cipher text. If stored in clear text, like the master key, it must be stored in a dedicated key device. If stored in ciphertext, the memory requirements are reduced. It is common to store secondary keys in the form of high-level key encryption. This can reduce the number of plaintext keys and facilitate management.

3) Storage of primary keys

        Primary file keys and primary session keys are two types of primary keys with different properties, so the storage methods are also different.

        Because the lifetime of a primary file key is as long as the life of the file being protected, sometimes much longer, the primary file key needs to be stored properly. The primary file key is generally stored in ciphertext, and the primary file key is usually stored in a form encrypted with the secondary file key.

        Since the primary session key works according to the "one-time pad" method, it is dynamically generated when used and destroyed immediately after use, and the life cycle is very short. Therefore, the storage space of the primary session key is the working memory, and the security of the working memory should be ensured.

1.3.2. Key backup

        Backing up keys is an important means of keeping keys and data safe. There are many ways to back up. In addition to the user's own backup, a key can be backed up by a third party, or entrusted to a key escrow agency for backup in the form of key components. With a backup in place, the key can be restored when needed, thereby avoiding loss.

        Regardless of the backup method, the backup of the key should follow the following principles:

  • (1) The backup of the key should be on a different device, or even in an off-site location. If it is the same device, when the key storage device fails, the backup key will also be destroyed, so it cannot serve as a backup. Off-site backup can prevent the key and backup key from being damaged at the same time due to an attack on the site.
  • (2) The backed-up key should be protected in the same way as the storage key, including physical security protection and logical security protection.
  • (3) In order to reduce the number of keys held in plaintext form, low-level keys are generally backed up in a form protected by a high-level key.
  • (4) High-level keys cannot be backed up in ciphertext form, since there is no higher key to protect them. To further enhance security, the key can be split into components and the components backed up separately. Each key component should be backed up to a different device or location, with designated personnel responsible for each.
  • (5) The backup of the key should be easy to recover, and the recovery of the key should be authorized and follow the security rules and regulations.
  • (6) The backup and recovery of the key must be logged and audited.

1.4. Key distribution

        Key distribution refers to the process of generating keys and delivering them to users. There are two types of key transmission: centralized transmission and decentralized transmission. Centralized transmission means transmitting the key as a whole; in this case the master key is used to protect the transmission of the session key, and the master key itself is transmitted through a secure channel. Decentralized transmission means that the key is split into multiple parts and transmitted by a secret sharing method; as long as enough of the parts arrive, the key can be recovered. This method is suitable for transmission over insecure channels.
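The component form of section 1.3 and the decentralized transmission just described both rest on secret splitting. The following Go program is an added example (not from the original text) of Shamir secret sharing over GF(2^8): a key is split into n components of which any k reconstruct it, and with k = n it is exactly the "all components must act jointly" case the text describes. The 256-bit key, the field polynomial and the 3-of-5 parameters are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"errors"
	"fmt"
)

// gfMul multiplies two elements of GF(2^8) modulo x^8 + x^4 + x^3 + x + 1.
func gfMul(a, b byte) byte {
	var p byte
	for ; b != 0; b >>= 1 {
		if b&1 == 1 {
			p ^= a
		}
		hi := a & 0x80
		a <<= 1
		if hi != 0 {
			a ^= 0x1b
		}
	}
	return p
}

// gfInv returns a^-1 = a^254 in GF(2^8) by square-and-multiply.
func gfInv(a byte) byte {
	r := byte(1)
	for e := 254; e > 0; e >>= 1 {
		if e&1 == 1 {
			r = gfMul(r, a)
		}
		a = gfMul(a, a)
	}
	return r
}

// Share is one key component: an x coordinate and f(x) for every byte of the key.
type Share struct{ X byte; Y []byte }

// Split divides key into n components so that any k of them reconstruct it (k == n is the all-components case).
func Split(key []byte, k, n int) ([]Share, error) {
	if k < 2 || n < k || n > 255 {
		return nil, errors.New("need 2 <= k <= n <= 255")
	}
	// One random polynomial of degree k-1 per key byte; its constant term is the key byte.
	coefs := make([]byte, len(key)*(k-1))
	if _, err := rand.Read(coefs); err != nil {
		return nil, err
	}
	shares := make([]Share, n)
	for i := range shares {
		x := byte(i + 1) // f(0) is the key itself, so x = 0 is never a share
		y := make([]byte, len(key))
		for j, s := range key {
			var acc byte // Horner evaluation, highest coefficient first
			for d := k - 2; d >= 0; d-- {
				acc = gfMul(acc, x) ^ coefs[j*(k-1)+d]
			}
			y[j] = gfMul(acc, x) ^ s
		}
		shares[i] = Share{X: x, Y: y}
	}
	return shares, nil
}

// Combine interpolates each polynomial at x = 0; fewer than k shares give a wrong key, not a partial one.
func Combine(shares []Share) ([]byte, error) {
	if len(shares) < 2 {
		return nil, errors.New("need at least two shares")
	}
	n := len(shares[0].Y)
	key := make([]byte, n)
	for i, si := range shares {
		basis := byte(1) // Lagrange basis l_i(0) = prod_{j != i} x_j / (x_j - x_i)
		for j, sj := range shares {
			if i == j {
				continue
			}
			if si.X == sj.X {
				return nil, errors.New("duplicate share")
			}
			basis = gfMul(basis, gfMul(sj.X, gfInv(sj.X^si.X)))
		}
		for b := range key {
			key[b] ^= gfMul(si.Y[b], basis)
		}
	}
	return key, nil
}

func main() {
	key := make([]byte, 32) // constructed sample: a 256-bit master key
	rand.Read(key)
	shares, _ := Split(key, 3, 5)
	got, _ := Combine(shares[1:4])
	fmt.Println("recovered from 3 of 5 components:", bytes.Equal(got, key))
}
```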

1.4.1. Distribution of master key

        The master key has the highest security requirements and a very long life cycle, so the most secure distribution method is required. Generally the master key is distributed manually: it is delivered by dedicated key distribution personnel and properly installed by dedicated installation personnel.

1.4.2. Distribution of secondary keys

        Once the master key has been distributed and installed, the distribution of secondary keys is easily solved. One approach is to have a dedicated key distributor deliver it like a master key and a dedicated installer install it. Although this manual method is safe, it is inefficient and does not meet the needs of a computer network environment. Another method is to use the already distributed and installed master key to encrypt and protect the secondary key, and to transmit and distribute it automatically over the computer network. At the sending end, the master key is used to encrypt the secondary key and the ciphertext is sent to the other party; the other party uses the master key to decrypt the secondary key and properly installs and stores it, as shown in Figure 7-1, where Knc is the secondary key to be distributed and Km is the master key that has already been distributed and installed.

1.4.3. Distribution of primary keys

        Since the primary key works according to the "one-time pad" method, its life cycle is very short, and so it must be generated and distributed very quickly. For safety and convenience, a random number is usually regarded directly as the result of encrypting a primary key under a higher-level key (master key or secondary key, usually a secondary key), so that the primary key is already in ciphertext form.

        Note that this random number is the real primary key after being decrypted.

        Therefore, the distribution of the primary key becomes very simple. The sender transmits the random number (the primary key in ciphertext form) directly to the other party over the computer network, and the receiving end decrypts it with the higher-level key to obtain the primary key. The distribution process is shown in Figure 7-2, where RN is the random number, Knc is the secondary key and Kc is the primary key.

        In the actual transmission process, it is also necessary to consider that the transmitted content may be intercepted, forged, and tampered with, so appropriate protocols must be constructed to prevent these attacks.
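The two flows of Figures 7-1 and 7-2 (master key Km wrapping the secondary key Knc, then a random number RN decrypted under Knc to yield the primary key Kc) are implemented below as an added example, not code from the original text. The wrapping step uses AES-GCM so that tampering with the transmitted blob is detected, which is the kind of protection the previous paragraph calls for; the RN step is a single raw AES block decryption, exactly as the text describes. Key sizes and the sample values are constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// wrapKey encrypts a lower-level key under a higher-level key (kek) with AES-GCM.
// The random nonce is prepended; the GCM tag makes any alteration of the blob detectable.
func wrapKey(kek, key []byte) ([]byte, error) {
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, key, nil), nil
}

// unwrapKey reverses wrapKey; it fails if the blob was altered or the kek is wrong.
func unwrapKey(kek, wrapped []byte) ([]byte, error) {
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(wrapped) < gcm.NonceSize() {
		return nil, errors.New("wrapped key too short")
	}
	return gcm.Open(nil, wrapped[:gcm.NonceSize()], wrapped[gcm.NonceSize():], nil)
}

// derivePrimaryKey implements sections 1.2.3 and 1.4.3: RN is treated as the ciphertext
// E(Knc, Kc), so both parties compute Kc = D(Knc, RN) with one raw AES block decryption,
// and only RN travels over the network.
func derivePrimaryKey(knc, rn []byte) ([]byte, error) {
	if len(rn) != aes.BlockSize {
		return nil, fmt.Errorf("RN must be exactly %d bytes", aes.BlockSize)
	}
	block, err := aes.NewCipher(knc)
	if err != nil {
		return nil, err
	}
	kc := make([]byte, aes.BlockSize)
	block.Decrypt(kc, rn)
	return kc, nil
}

// distribute runs both ends of Figures 7-1 and 7-2 in one process. km is the master key
// both parties already hold; it reports whether sender and receiver end up with the same Kc.
func distribute(km []byte) (bool, error) {
	// Sender: generate the secondary key Knc and wrap it under Km (Figure 7-1).
	knc := make([]byte, 32)
	if _, err := rand.Read(knc); err != nil {
		return false, err
	}
	wrapped, err := wrapKey(km, knc)
	if err != nil {
		return false, err
	}
	// Receiver: unwrap Knc with its own copy of Km and install it.
	kncRecv, err := unwrapKey(km, wrapped)
	if err != nil {
		return false, err
	}
	// Sender: choose RN and send it as is (Figure 7-2); both sides derive Kc from it.
	rn := make([]byte, aes.BlockSize)
	if _, err := rand.Read(rn); err != nil {
		return false, err
	}
	kcSender, err := derivePrimaryKey(knc, rn)
	if err != nil {
		return false, err
	}
	kcRecv, err := derivePrimaryKey(kncRecv, rn)
	if err != nil {
		return false, err
	}
	return bytes.Equal(kcSender, kcRecv), nil
}

func main() {
	km := make([]byte, 32) // constructed sample: the installed master key Km
	rand.Read(km)
	ok, err := distribute(km)
	fmt.Println("sender and receiver agree on Kc:", ok, err)
}
```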

1.4.4. Distribution using public key cryptography

        A public key cryptosystem is used to distribute the session key of a symmetric cipher, and the symmetric session key is then used to encrypt and protect the session. Combining the convenience of public key ciphers with the speed of traditional ciphers makes this a better key distribution method. This method has been adopted by the International Organization for Standardization and is used in many countries.

        When A wants to communicate with B, A generates a public key-private key pair and sends the generated public key and A's identity to B. After receiving A's message, B generates the session key Ks, encrypts it with the generated public key and sends it to A. A uses the private key to decrypt and obtain the session key Ks. At this time, A and B can use the session key Ks to communicate using symmetric encryption. After that, A destroys the public key-private key pair generated this time, and B destroys the public key obtained from A.
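The exchange just described, written out as an added example in Go (not code from the original text) with both messages shown: A's one-time public key and identity go to B, and B returns the session key Ks encrypted under that public key. RSA-OAEP is an assumed choice of public key scheme, and using A's identity as the OAEP label, so that a reply encrypted for a different identity cannot be decrypted, is an added assumption rather than part of the text's protocol.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// helloA is message 1, A -> B: A's one-time public key (PKIX DER) and A's identity.
type helloA struct {
	ID     string
	PubDER []byte
}

// replyB is message 2, B -> A: the session key Ks encrypted under A's public key.
type replyB struct {
	EncKs []byte
}

// stepA1 generates the one-time key pair and builds message 1.
func stepA1(id string) (*rsa.PrivateKey, helloA, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, helloA{}, err
	}
	der, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	if err != nil {
		return nil, helloA{}, err
	}
	return priv, helloA{ID: id, PubDER: der}, nil
}

// stepB parses A's public key, generates Ks and returns it together with message 2.
// Assumption (not from the text): A's identity is the OAEP label, binding the ciphertext to it.
func stepB(msg helloA) ([]byte, replyB, error) {
	pubAny, err := x509.ParsePKIXPublicKey(msg.PubDER)
	if err != nil {
		return nil, replyB{}, err
	}
	pub, ok := pubAny.(*rsa.PublicKey)
	if !ok {
		return nil, replyB{}, errors.New("message 1 does not carry an RSA public key")
	}
	ks := make([]byte, 32) // 256-bit symmetric session key Ks
	if _, err := rand.Read(ks); err != nil {
		return nil, replyB{}, err
	}
	enc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, ks, []byte(msg.ID))
	if err != nil {
		return nil, replyB{}, err
	}
	return ks, replyB{EncKs: enc}, nil
}

// stepA2 recovers Ks from message 2 with the private key; after this A discards the pair.
func stepA2(priv *rsa.PrivateKey, id string, msg replyB) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, msg.EncKs, []byte(id))
}

// runExchange plays both roles and reports whether A and B hold the same Ks.
func runExchange() (bool, error) {
	priv, m1, err := stepA1("A")
	if err != nil {
		return false, err
	}
	ksB, m2, err := stepB(m1)
	if err != nil {
		return false, err
	}
	ksA, err := stepA2(priv, "A", m2)
	if err != nil {
		return false, err
	}
	// From here on A no longer needs the one-time key pair and B no longer needs A's public key.
	return bytes.Equal(ksA, ksB), nil
}

func main() {
	ok, err := runExchange()
	fmt.Println("A and B share Ks:", ok, err)
}
```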

1.5. Key update

        Key updating is a very troublesome part of key management and must be carefully planned and implemented with caution. When the key's useful life has expired, or when a key leak is suspected, the key must be updated. Key renewal is a basic principle of cryptography. The more frequent the key is updated, the more secure it is, but it is also more troublesome.

1.5.1. Update of master key

        The master key is the highest level key, which protects the secondary and primary keys. The life cycle of the master key is the longest, so the time interval for replacing the master key due to expiration of the usage period is long. When updating, you must reinstall, and the security requirements are the same as the initial installation. It is worth noting that an update of the master key will require that both the secondary and primary keys it protects be updated. Therefore, the update of the master key is very troublesome.

1.5.2. Update of secondary key

        When the secondary key expires or needs to be replaced due to leakage, the secondary key must be regenerated and properly installed. It also requires updating of the primary key it protects.

1.5.3. Update of primary key

        The primary session key works as a "one-time pad", so updating it is very easy. Updating a primary file key is much more cumbersome: the original ciphertext file must be decrypted and re-encrypted with the new primary file key.

1.6. Termination and destruction of keys

        Key termination and destruction are also important aspects of key management, but they are easily overlooked. When the key usage period expires, the use of the key should be terminated immediately and replaced with a new key. Keys that are terminated are not destroyed immediately, but need to be retained for a period of time. This is to ensure that other keys and data protected by it are handled properly. As long as the key has not been destroyed, it should be properly protected.

        Key destruction means completely erasing every stored copy of the key and its related information, so that the key can never be recovered. This covers not only the key and related information in the generation, distribution, storage and working states, but also the key and related information in the backup state.

        It is worth noting that a proper method of clearing the storage should be adopted. For magnetic storage media, simply deleting, clearing, or overwriting with ones is not safe.

2. Key management of public key cryptography system

        Since the public-key cryptosystem and the symmetric cryptosystem are two cryptosystems with different properties, their key generation and management are also completely different.

        The key of a symmetric cryptosystem is essentially a random number or random sequence, whereas the keys of a public key cryptosystem are derived from a one-way trapdoor function based on a certain mathematical problem. Different public key cryptosystems are based on different mathematical problems, so the specific requirements for key generation also differ.

        Therefore, there is an essential difference between the key management of the public key cryptosystem and the key management of the symmetric cryptosystem.

2.1. Distribution of public keys

        In the symmetric key cryptosystem discussed above there is only one key for encryption and decryption, so its confidentiality, authenticity and integrity must all be guaranteed during key distribution. A public key cryptosystem has two keys. The confidentiality, authenticity and integrity of the private key must be ensured when it is distributed. For the public key, its authenticity and integrity must be guaranteed: attackers must not be allowed to replace or tamper with the user's public key.

There are several ways to distribute public keys from simple to complex:

(1) Public release: The user sends his public key to all other users or broadcasts it to a certain group, for example by posting it on a BBS or mailing list. This method is convenient and fast, and everyone can easily publish their own public key. But its shortcomings are equally obvious: the key is easy to impersonate or modify. So this method is generally used for simple personal applications, or in some small networks.

(2) Public key dynamic directory table: A public dynamic directory of public keys is established. The creation and maintenance of the table and the distribution of public keys are undertaken by a public key management agency, and each user can reliably know the public key of the management agency. However, every user who wants to communicate with others must turn to the public key management agency, which may become a bottleneck, and the public key directory table is also easily tampered with. Therefore, this method is only suitable for small networks, such as enterprise LANs.

(3) Digital certificate: The most secure and effective way to distribute public keys is to use a digital certificate, which is established for the user by the certificate authority (CA) and is actually a data structure. Among its data items are the user's public key, the user's identity and a timestamp, etc.

2.2. Digital certificate

        The public key needs integrity and authenticity. Direct disclosure, like a phone number, cannot prevent tampering, impersonation and forgery by others. As mentioned earlier, one method of ensuring integrity and authenticity is the digital signature. Assume that an entity X is trusted. All public keys are verified by entity X and then signed and stored in a database, and entity X makes its own public key public. Then each time a public key is taken out, the user verifies whether the signature of entity X is valid, so that tampering with the public key can be discovered. Furthermore, if the user's identifier and the user's public key are signed together, impersonation or forgery of the public key is prevented.

        It can be seen that the use of digital signature technology can ensure the safe distribution of public keys. The set of information signed by entity X is called a certificate, and the trusted entity X is called a certificate authority (CA).

        A certificate is a data structure, a collection of information signed by a trusted authority. There are many types of certificates, such as X.509 public key certificates, simple PKI certificates, PGP certificates, attribute certificates, etc.

        These certificates have different formats. Sometimes, a type of certificate can be defined as several different versions, and each version may be implemented in several different ways. For example, a Secure Electronic Transaction (SET) certificate is an X.509 version 3 public key certificate that is specifically extended for SET transactions.

        The concepts of certificates, public key certificates, and digital certificates are used confusingly. On many occasions, certificates and public key certificates are synonyms for X.509 public key certificates. The term digital certificate is sometimes used specifically to emphasize the electronic form of the certificate. This term can also cause confusion in some contexts, since various types of certificates are "digital". Therefore, unless the word is specifically explained, it does not have any more detailed proprietary meaning.

        The public key certificate contains the identifier, public key and other relevant information of the certificate holder, and is protected by the digital signature of the issuing agency. Anyone who knows the public key of the issuing agency can verify the authenticity of the signature, thus ensuring the authenticity of the public key and the strict binding between the public key and the certificate holder.

        There are many examples of certificates in everyday life, such as a driver's license. The driver's license (public key certificate) confirms the identity of the driver (user) and indicates his ability to drive (public key), and it bears the seal of the Public Security Bureau (the CA's signature on the certificate). Anyone who trusts the Public Security Bureau (CA) can trust the driver's license (public key certificate).

        With a public key certificate system, a user who needs the public key of any other user registered with the CA can simply ask the certificate holder (or the certificate authority) for that user's public key certificate, and use the CA's public key to verify the CA's signature on it, thereby obtaining a trusted public key.

        Since the public key certificate does not need to be kept secret, it can be distributed on the Internet, thereby realizing the safe distribution of the public key. With the signature, an attacker cannot forge a legitimate public key certificate. Therefore, as long as the CA is trusted, the public key certificate is also trusted. The acquisition of the CA public key is also carried out through a certificate, for which the CA also issues a public key certificate for itself.

        The main advantage of using public key certificates is that as long as users obtain the public key of the CA, they can securely obtain the public keys of other users. Therefore, public key certificates lay the foundation for the distribution of public keys and become a key technology for the application of public key cryptography in large-scale network systems. Large-scale network application systems such as e-commerce and e-government all use public key certificate technology.

2.3. X.509 certificate

        Currently, the most widely used certificate format is the X.509 version 3 format proposed by the International Telecommunication Union (ITU). X.509 is a digital certificate standard developed by the ITU. In order to provide directory information services for public network users, the ITU formulated the X.500 series of standards in 1988. X.500 and X.509 are the core of the security authentication system. X.500 defines distinguished naming rules that ensure the uniqueness of user names by means of a naming tree; X.509 provides an authentication mechanism for communicating entities and specifies the certificate syntax and data interfaces that are widely applicable in the entity authentication process. The certificate it defines is called an X.509 certificate.

        The original X.509 version was published in 1988, and the proposed version 3 was published in 1994 and approved in 1995. Essentially, an X.509 certificate consists of a user public key and a user identifier, and also includes a version number, certificate serial number, CA identifier, signature algorithm identifier, issuer name, and certificate validity period.

        Figure 7-6 shows the certificate structure of X.509 version 3.

(1) Version number : Identifies the version of the X.509 standard used for this certificate, which can affect the information that can be specified in the certificate. So far, three versions have been defined.

(2) Certificate serial number : The entity issuing the certificate is responsible for assigning a serial number to the certificate to distinguish it from other certificates issued by the entity. This information has many uses. For example, if a certificate is revoked, its serial number will be placed in the Certificate Revocation List (CRL).

(3) Signature algorithm identifier: Identifies the algorithm used by the CA to sign the certificate.

(4) Issuer name : The identifiable name of the entity signing the certificate. It is usually a CA. Using this certificate means trusting the entity that signed the certificate.

Note: In some cases, the entity that signs the certificate also signs its own certificate. For example, the root or top-level CA will issue its own certificate.

(5) Validity Period : Each certificate can only be valid within a limited period of time. The validity period is expressed in terms of a start date and time and an end date and time, and can be as short as a few seconds or as long as a century. The chosen validity period depends on many factors, such as how often the private key used to sign the certificate is used and how much money you are willing to pay for the certificate. It is the estimated time an entity can rely on a public key without compromising the associated private key.

(6) Subject name : The entity name whose public key the certificate can identify. This name uses the X.500 standard and should therefore be unique across the Internet. This field must be non-null unless another name form is used in the extension.

(7) Subject public key information : This is the public key of the named entity, including the algorithm identifier specifying the public key cryptosystem to which the key belongs and all relevant key parameters.

(8) Issuer unique identifier (optional): The unique identifier of the certificate issuer is an optional field. It is rarely used in practice and is not recommended by RFC 2459.

(9) Subject unique identifier (optional): The unique identifier of the certificate owner is an optional field, used to identify the subject of the certificate when different entities reuse the same name. It is rarely used in practice and is not recommended by RFC 2459.

(10) Extensions (optional): After the promulgation of X.509 version 2, it was felt that some shortcomings remained, so a set of extensions was proposed and appended to the version 3 certificate format. These extensions include key and policy information, subject and issuer attributes, and certification path constraints.

(11) Issuer's signature: The CA's signature over all the other fields of the certificate: the hash value of those fields, together with the signature algorithm identifier, signed (encrypted) with the CA's private key.
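To make the fields above concrete, the following Go program is an added example (not from the original text or any particular CA product) that builds a self-signed root CA, issues an end-entity certificate with the CA's private key, and verifies it the way a relying party holding only the CA's public key would, covering the signature, the validity period and the issuer's CA status. The names "Example Root CA" and "alice@example.test", the serial numbers and the lifetimes are constructed sample values; ECDSA P-256 is an assumed algorithm choice.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCA creates a self-signed root: subject and issuer are the same entity, as in the
// note under field (4). Names and lifetimes are constructed sample values.
func newCA() (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),                                // (2)
		Subject:               pkix.Name{CommonName: "Example Root CA"},    // (6), and (4) for its children
		NotBefore:             time.Now().Add(-time.Hour),                  // (5)
		NotAfter:              time.Now().Add(10 * 365 * 24 * time.Hour),   // (5)
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign, // (10) key usage extension
		BasicConstraintsValid: true,                                         // (10) basic constraints extension
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// issue signs an end-entity certificate for subjectCN with the CA's private key (11).
// validFor sets field (5); a negative value deliberately produces an already-expired certificate.
func issue(ca *x509.Certificate, caKey *ecdsa.PrivateKey, subjectCN string, serial int64, validFor time.Duration) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // the subject's own key pair (7)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: subjectCN},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(validFor),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verify does what a relying party does with only the CA's public key: it checks the
// issuer's signature, the validity period and that the issuer really is a CA.
func verify(cert, ca *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := cert.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	return err
}

// describe renders fields (1) to (7) as the Go parser exposes them.
func describe(c *x509.Certificate) string {
	return fmt.Sprintf("version=%d serial=%s sigalg=%s issuer=%q valid=%s..%s subject=%q pubkey=%s",
		c.Version, c.SerialNumber, c.SignatureAlgorithm, c.Issuer.CommonName,
		c.NotBefore.Format(time.RFC3339), c.NotAfter.Format(time.RFC3339),
		c.Subject.CommonName, c.PublicKeyAlgorithm)
}

func main() {
	ca, caKey, err := newCA()
	if err != nil {
		panic(err)
	}
	leaf, err := issue(ca, caKey, "alice@example.test", 2, 365*24*time.Hour)
	if err != nil {
		panic(err)
	}
	fmt.Println(describe(leaf))
	fmt.Println("verified against CA:", verify(leaf, ca))
	expired, _ := issue(ca, caKey, "bob@example.test", 3, -30*time.Minute)
	fmt.Println("expired certificate:", verify(expired, ca))
}
```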

2.4. Public key infrastructure

        Public key certificates, certificate management organizations, certificate management systems, various software and hardware devices surrounding certificate services, and the corresponding legal basis collectively constitute the public key infrastructure (PKI). Public key infrastructure provides a series of basic services that support public key cryptography applications (encryption, decryption, signature and verification). Essentially, PKI is a standard public key cryptography key management platform.

        PKI uses certificates for public key management, and bundles the user's public key with other user identification information through a third-party trusted authority (CA), including user name, email address and other information, so as to use it on the Internet. Verify the user's identity.

        Therefore, viewed broadly, every system that provides public key encryption and digital signature services can be regarded as part of a PKI. The main purpose of PKI is to establish a secure network operating environment for users by managing keys and certificates automatically, so that users can easily apply encryption and digital signature technology in a variety of application environments, thereby ensuring the confidentiality, integrity and validity of online data.

        A simple PKI structure is shown in Figure 7-7.

        A simple PKI system comprises a certificate authority (CA), a registration authority (RA) and a PKI repository. The CA issues and manages certificates. The RA may be part of the CA or operate independently; its functions include verifying applicants' identities, managing the certificate revocation list (CRL), and key generation and key backup. The PKI repository, typically an LDAP directory server together with ordinary databases, stores and manages applications, certificates, keys, CRLs and logs, and offers query functions over them.

        An effective PKI system must be secure and transparent. Users do not need to understand the inner workings of PKI in detail when obtaining encryption and digital signature services. In a typical, complete and effective PKI system, it should include the creation and issuance of certificates and the revocation of certificates. A usable PKI product must also provide corresponding key management services, including key backup, recovery and update. Without a good key management system, the scale, scalability and operating cost of a PKI system in a collaborative network will be greatly affected.

        The United States was the first country to promote the construction of PKI, establishing the Federal PKI Steering Committee as early as 1996. The US federal government, state governments and large enterprises have all built PKIs; the most representative vendors are VeriSign and Entrust. VeriSign, which was spun off from RSA Data Security, builds its PKI products on RSA's mature security technology to protect information exchanged inside an organization. VeriSign also offers external CA services, including certificate issuance and management, and has partnered with large vendors such as Microsoft, Netscape and JavaSoft to provide code signing services on the Internet.

        In 1998, China's telecommunications industry also established the first domestic industry CA. Since then, finance, industry and commerce, foreign trade, customs and some provinces and cities have also established their own industry CAs and local CAs. PKI has become the infrastructure for the development of e-commerce, e-government, and e-finance in countries all over the world.

2.4.1. Logical structure of PKI

        PKI is a set of security services provided by using public key technology and X.509 certificates in distributed computing systems. An enterprise or organization can use PKI products to establish a security domain and issue keys and certificates within it. Inside the security domain, PKI manages the issuance of encryption keys and certificates and provides key management (key update, key recovery, key delegation and so on), certificate management (certificate generation, revocation and so on) and policy management.

        PKI products also allow an organization to establish trust relationships with other security domains through certificate-based authentication. These services and trust relationships cannot be confined to an isolated network; they must be established across networks and even across the Internet to secure e-commerce and network communications. Structured, standardized and interoperable technology is therefore the core of PKI.

        In practical terms, PKI is a set of software and hardware systems together with a collection of security policies. It provides a complete set of security mechanisms so that users can take certificates as the basis and, through a chain of trust relationships, carry out communications and e-commerce transactions.

        A typical PKI logical structure is shown in Figure 7-8, which includes PKI policies, software and hardware systems, certificate authority CA, registration authority RA, certificate issuing system and PKI applications.

  • (1) PKI security policy: establishes and defines guidelines for an organization's information security, and also defines the processing methods and principles used by the cryptographic system.
  • (2) Certificate Authority CA: It is the trust basis of PKI. It manages the entire life cycle of the public key. Its functions include issuing certificates, specifying the validity period of certificates and issuing certificate revocation lists to ensure that certificates can be revoked when necessary.
  • (3) Registration authority RA: provides the interface between the user and the CA. It obtains and authenticates the user's identity and submits the certificate request to the CA; its main tasks are collecting user information and confirming the user's identity. The user here is the customer applying to the CA for a digital certificate, which may be an individual, an organization or a government agency.
  • (4) Certificate issuance system: responsible for delivering issued certificates, either to the user directly or through a directory service. The directory server may be one the organization already runs or one supplied with the PKI solution.
  • (5) Digital certificate: the most important piece of information in a PKI; all PKI activities revolve around digital certificates.
  • (6) PKI application: the range of PKI applications is very wide and still growing. PKI is used wherever public keys are needed, for example secure e-mail, Web security and virtual private networks.

2.4.2. Storage of certificates

        As an electronic data format, digital certificates can be downloaded directly from the Internet or stored in other ways.

        IC cards can be used to store user certificates. That is, the user's digital certificate is written into the IC card for the user to carry with him. In this way, users can enjoy secure e-commerce services on all e-commerce terminals that can read IC card certificates.

        User certificates can also be stored directly on disk or on your own terminal. Users download or copy the certificate applied from the CA to a disk or their own PC or smart terminal. When the user uses their own terminal to enjoy e-commerce services, they can read it directly from the terminal.

        CRLs, by contrast, are generally obtained by the client through online download.

2.4.3. Application and revocation of certificate

        There are two ways to apply for a certificate, one is to apply online; the other is to apply offline. Online application is to apply for a certificate online through a browser or other application system. This method is generally used to apply for ordinary user certificates or test certificates. The offline method generally goes directly to the acceptance point of the certificate authority to handle the certificate application procedures manually, and obtains the certificate after passing the review. This method is generally used in more important occasions, such as server certificates and merchant certificates.

        Certificate revocation involves management of the CRL. The user sends an encrypted and signed e-mail to a designated operator (responsible only for managing the CRL) stating that he or she wishes to revoke the certificate. The operator opens the e-mail, fills out a CRL registration form, digitally signs it and submits it to the CA. The CA operator verifies the registration authority operator's digital signature, approves the revocation of the user's certificate and updates the CRL. The CA then outputs the CRL in the required formats to the registration authority and publishes it on a secure server, so that other parties can obtain the CRL by accessing that server. The signatures on the request and on the registration form are the only evidence that the revocation is legitimate, so they must be verified before the CRL is changed; otherwise anyone could have another user's certificate revoked.

        In a PKI, and especially in a CA, information storage is a core issue with two aspects. First, the CA server uses a database to back up current keys and archive expired keys; this database must be highly secure and confidential, with a security level equal to that of the CA itself. Second, a directory server, generally an LDAP directory server, is used to distribute certificates and CRLs.

2.4.4. PKI key management

        Key management is a core issue in PKI (mainly CA), which mainly refers to the security management of key pairs, including key generation, key backup, key recovery and key update.

1) Key generation

        Generating the key pair is an important step in the certificate application process. The private key generated is kept by the user, while the public key and the other information are handed to the CA for signing to produce the certificate. Depending on the certificate type and application, key pairs are generated in different ways. For ordinary certificates and test certificates they are generally generated by a browser or a fixed terminal application; such keys depend on the random number source and key protection of a general-purpose end-user device, are considered weaker, and are not suitable for more important secure network transactions. For more important certificates, such as merchant certificates and server certificates, key pairs are generally generated by dedicated applications or directly by the CA center; keys generated this way are stronger and suitable for important applications.

        The intended use of the key also affects where it is generated. A signing key may be generated at the client or at the RA, so that nobody but its owner ever holds it, which is what makes the owner's signatures non-repudiable; an encryption key, by contrast, is generated directly at the CA center so that it can be backed up and recovered if it is lost (see key backup below).

2)Key backup and recovery

        In a PKI system it is essential to keep a backup of key pairs; without it, loss of a key means the complete loss of the data encrypted under it, which for important data is catastrophic. Key backup and recovery are therefore an important part of PKI key management. An enterprise or organization using PKI must be assured that even if a key is lost, the important information it protects can still be recovered, and that no single individual is given complete control over the most important master key, since that would have serious consequences.

        Enterprise-level PKI products should at least support the storage, backup, and recovery of security keys used for encryption. Keys are typically protected with passwords, and losing passwords is one of the most common security lapses made by administrators. Therefore, PKI products should be able to back up the key and allow users to restore the key and set a new password under certain conditions even if the password is lost.

        In addition, enterprises using PKI should also consider the life cycle of the keys used, including the validity time of keys and certificates, and the maintenance time of revoked keys and certificates.

3) Key update

        Each certificate issued by a CA will have a validity period. The length of the key pair's life cycle is determined by the CA center that issued the certificate. The validity period of the certificate of each CA system is different, generally about 2 to 3 years.

        When the private key is compromised, or when the certificate is about to expire, the key pair should be replaced: the old certificate is revoked (immediately in the case of compromise), a new key pair is generated, and a new certificate is applied for.

2.4.5. Use of certificates

        In practical applications, in order to verify the digital signature on a message, you must first obtain the public key certificate of the sender, together with any additional certificates required (such as CA certificates, used to verify the validity of the sender's certificate). The certificate can be obtained in many ways: the sender may attach its own certificate to the signed message or send it in a separate message, the verifier may retrieve it from the directory server where certificates are published, or it may be obtained directly from the entity to which the certificate belongs. In a PKI system, certificates may be obtained in one or more of these ways.

        In e-commerce systems, certificate holders can be individual users, enterprises and institutions, merchants, banks, etc. No matter which party in the e-commerce, they follow the same verification process when using certificates to verify data. A complete verification process has the following steps:

  • (1) The verifier decrypts the data sent by the client.
  • (2) The decrypted data is split into three parts: the original data, the signature and the client certificate.
  • (3) The CA's root certificate (the CA's public key) is used to verify the integrity of the signature on the client certificate.
  • (4) The client certificate is checked for validity (the current time lies within the validity period defined in the certificate).
  • (5) The client certificate is checked for revocation against the current CRL.
  • (6) The certificate usage (key usage) in the client certificate is checked to confirm that it permits this operation.
  • (7) The client certificate (the client's public key) is used to verify the integrity of the signature over the original data.

        If all of the above are verified, the data is accepted.
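The revocation workflow in 2.4.3 ends with a CA-signed CRL that relying parties download, and steps (3) to (7) above consume that CRL together with the CA certificate. The following Go program, added here as an illustration and not part of the original text, builds a constructed in-memory PKI with the standard library's crypto/x509 package: it generates a root CA and a signing-only client certificate, has the CA sign a CRL that optionally lists the client's serial number, and then runs steps (3) to (7) as a function that fails closed. All names, serial numbers and the sample message are made up; the fixture panics on setup failure, which is acceptable for a demo and not for production code. Steps (1) and (2), decrypting the transport envelope and splitting it into data, signature and certificate, are outside the example's scope.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// DemoPKI is a constructed in-memory PKI (root CA, one client certificate, the CA's CRL); all names and serials are made up.
type DemoPKI struct {
	CA, Client *x509.Certificate
	ClientKey  *ecdsa.PrivateKey
	CRL        *x509.RevocationList
}

func must[T any](v T, err error) T { // panics when fixture setup fails: fine for a demo, not for production code
	if err != nil {
		panic(err)
	}
	return v
}

// BuildDemoPKI generates both key pairs, issues the certificates and signs a CRL. With revokeClient
// set, the client's serial number is listed on the CRL: the end state of the 2.4.3 revocation workflow.
func BuildDemoPKI(revokeClient bool) *DemoPKI {
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	clientKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	now := time.Now()
	// Root CA: self-signed, CA flag set, permitted to sign certificates and CRLs.
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Demo Root CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(3 * 365 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	ca := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))))
	// Client certificate: two-year validity, signing-only key usage (not an encryption key).
	clientTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1001), Subject: pkix.Name{CommonName: "alice@example.test"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(2 * 365 * 24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature,
	}
	client := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, clientTmpl, ca, &clientKey.PublicKey, caKey))))
	// CRL signed by the CA; NextUpdate tells a verifier when this copy becomes stale.
	crlTmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now.Add(-time.Minute), NextUpdate: now.Add(24 * time.Hour)}
	if revokeClient {
		crlTmpl.RevokedCertificates = []pkix.RevokedCertificate{{SerialNumber: client.SerialNumber, RevocationTime: now.Add(-time.Minute)}}
	}
	crl := must(x509.ParseRevocationList(must(x509.CreateRevocationList(rand.Reader, crlTmpl, ca, caKey))))
	return &DemoPKI{CA: ca, Client: client, ClientKey: clientKey, CRL: crl}
}

// SignData hashes data with SHA-256 and signs the digest with the client's private key.
func SignData(key *ecdsa.PrivateKey, data []byte) ([]byte, error) {
	digest := sha256.Sum256(data)
	return ecdsa.SignASN1(rand.Reader, key, digest[:])
}

// VerifySignedData performs steps (3) to (7) of the process in 2.4.5 for a signature over data
// made with the key in cert; now is the instant at which validity and CRL freshness are judged.
func VerifySignedData(ca *x509.Certificate, crl *x509.RevocationList, cert *x509.Certificate, data, sig []byte, now time.Time) error {
	// (3) The issuer's signature on the client certificate must verify under the CA's public key.
	if err := cert.CheckSignatureFrom(ca); err != nil {
		return fmt.Errorf("step 3, issuer signature: %w", err)
	}
	// (4) now must fall within the certificate's validity period.
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return fmt.Errorf("step 4: certificate not valid at %s", now.Format(time.RFC3339))
	}
	// (5) Revocation is decided only from a CRL the CA signed and that is not stale; otherwise fail closed.
	if err := crl.CheckSignatureFrom(ca); err != nil || now.After(crl.NextUpdate) {
		return fmt.Errorf("step 5: CRL unusable (signature: %v, nextUpdate: %s)", err, crl.NextUpdate)
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return fmt.Errorf("step 5: certificate serial %s is revoked", cert.SerialNumber)
		}
	}
	// (6) The certificate's key usage must permit digital signatures.
	if cert.KeyUsage&x509.KeyUsageDigitalSignature == 0 {
		return fmt.Errorf("step 6: key usage does not include digitalSignature")
	}
	// (7) The signature over the original data must verify under the certificate's public key.
	if err := cert.CheckSignature(x509.ECDSAWithSHA256, data, sig); err != nil {
		return fmt.Errorf("step 7, data signature: %w", err)
	}
	return nil
}

func main() {
	data := []byte("constructed order: pay 100.00 to merchant M") // sample input, made up
	pki := BuildDemoPKI(true)                                   // revoked client: step 5 must reject
	sig := must(SignData(pki.ClientKey, data))
	fmt.Println(VerifySignedData(pki.CA, pki.CRL, pki.Client, data, sig, time.Now()))
}
```

With revokeClient set, the client certificate passes steps (3), (4) and (6) and is rejected only at step (5), which is the reason the CRL check exists: a certificate with a valid issuer signature and an unexpired validity period can still be worthless. The CRL itself is checked for the CA's signature and for freshness before it is consulted, and an unusable CRL is reported as a failure rather than a pass; a verifier that silently skips revocation when the CRL cannot be obtained lets a revoked key keep signing.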

2.4.6. PKI application

        The wide application of PKI technology can meet people's demand for network transaction security. Of course, as a kind of infrastructure, PKI has a wide range of applications and is constantly developing. Several application examples are given below.

1) Virtual Private Network (VPN)

        VPN is a dedicated data communication network built on public communication infrastructure. It uses network layer security protocols (especially IPSec) and encryption and signature technology based on PKI to obtain confidentiality protection. The IPSec protocol based on PKI technology has now become the basis of VPN architecture, which can provide encrypted and authenticated communication between routers, between firewalls, or between routers and firewalls. Although the implementation of the IPSec protocol is more complex, its security is much more complete than other protocols.

2) Secure email

        As the Internet has grown, commercial organizations and government agencies have begun to use e-mail to exchange confidential or commercially valuable information, which raises security problems: messages and attachments can be read, tampered with or truncated by third parties without the communicating parties knowing, and the identity of the sender cannot be confirmed. The security requirements of e-mail are likewise confidentiality, integrity, authentication and non-repudiation, all of which can be obtained with PKI technology. The fastest-growing secure e-mail protocol is S/MIME (Secure Multipurpose Internet Mail Extensions), which allows encrypted and signed e-mail to be sent; its implementation relies on PKI technology.

3) Web security

        In order to transparently solve the security problem of the Web, before two entities communicate, an SSL connection must be established first to achieve secure communication transparent to the application layer. Utilizing PKI technology, the SSL protocol allows encrypted communication between the browser and server. In addition, when the server side and the browser side communicate, both parties can confirm each other's identity through digital certificates. Combined with the SSL protocol and digital certificate, PKI technology can ensure the multi-faceted security requirements of Web transactions, making transactions on the Web as safe as face-to-face transactions.

        From the perspective of current development, the scope of PKI is very wide, not limited to the commonly considered CA institution, it also includes complete security policies and security applications. Therefore, the development of PKI has also changed from traditional identity authentication to various application-related security occasions, such as enterprise security e-commerce and government security e-government.

        In addition, PKI has developed from large-scale certification bodies toward small and medium-sized PKI systems tied to particular enterprise or government applications, which remain compatible with the standards while being tailored to those applications.

Origin blog.csdn.net/java_faep/article/details/132595511