משתמש:Eylonr/טיוטה/pki

סקירה

הצפנת מפתח ציבורי היא שיטה בקריפטוגרפיה המאפשרת לגופים מרוחקים לתקשר באופן מאובטח בתוך רשת ציבורית לא מאובטחת, ולהבטיח את הזהות אחד של השני באמצעות חתימות דיגיטליות.

תשתית PKI היא מערכת ליצירה, אחסון והפצה של תעודות דיגיטליות אשר מאפשרות לוודא שמפתח ציבורי אכן שייך לגוף מסוים. במסגרת תשתית זו מנפיקים תעודות דיגיטליות המקשרות שֵׁם עם מפתח ציבורי, מאחסנים את התעודות הללו במרכז שנועד לשם כך, ומבטלים אותן אם נדרש (למשל, כשנחשף המפתח הפרטי).

תשתית PKI מורכבת אפוא מ:

רשות אמון (CA) האחראית על ניפוק ועל אימות תעודות דיגיטליות.
מרכז רישום (RA) המאמת את הזהות של גופים המבקשים מידע מרשות האמון.
ספריה מרכזית - ר"ל מקום מאובטח שבו יאוחסנו מפתחות צופן.
מדיניות לכתיבת תעודות

Methods of certification

Broadly speaking, there are three approaches to getting this trust: certificate authorities (CAs), web of trust (WoT), and simple public-key infrastructure (SPKI).^[^{דרוש מקור]}

Certificate authorities

The primary role of the CA is to digitally sign and publish the public key bound to a given user. This is done using the CA's own private key, so that trust in the user key relies on one's trust in the validity of the CA's key. When the CA is a third-party separate from the user and the system, then it is called the Registration Authority (RA), which may or may not be separate from the CA.^[1] The key-user binding is established, depending on the level of assurance the binding has, by software or under human supervision.^[^{דרוש מקור]}

The term trusted third party (TTP) may also be used for certificate authority (CA). Moreover, PKI is itself often used as a synonym for a CA implementation.^[^{דרוש מקור]}

Temporary certificates & single sign-on

This approach involves a server that acts as an online certificate authority within a single sign-on system. A single sign-on server will issue digital certificates into the client system, but never stores them. Users can execute programs, etc. with the temporary certificate. It is common to find this solution variety with x.509-based certificates.^[2]

Web of trust

תבנית:Main An alternative approach to the problem of public authentication of public-key information is the web of trust scheme, which uses self-signed certificates and third party attestations of those certificates. The singular term "web of trust" does not imply the existence of a single web of trust, or common point of trust, but rather one of any number of potentially disjoint "webs of trust". Examples of implementations of this approach are PGP (Pretty Good Privacy) and GnuPG (an implementation of OpenPGP, the standardized specification of PGP). Because PGP and implementations allow the use of e-mail digital signatures for self-publication of public-key information, it is relatively easy to implement one's own web of trust.^[^{דרוש מקור]}

One of the benefits of the web of trust, such as in PGP, is that it can interoperate with a PKI CA fully trusted by all parties in a domain (such as an internal CA in a company) that is willing to guarantee certificates, as a trusted introducer. Only if the "web of trust" is completely trusted, and because of the nature of a web of trust, trusting one certificate is granting trust to all the certificates in that web. A PKI is only as valuable as the standards and practices that control the issuance of certificates and including PGP or a personally instituted web of trust could significantly degrade the trustability of that enterprise's or domain's implementation of PKI.^[3]

The web of trust concept was first put forth by PGP creator Phil Zimmermann in 1992 in the manual for PGP version 2.0: תבנית:Quotation

Simple public-key infrastructure

Another alternative, which does not deal with public authentication of public-key information, is the simple public-key infrastructure (SPKI) that grew out of three independent efforts to overcome the complexities of X.509 and PGP's web of trust. SPKI does not associate users with persons, since the key is what is trusted, rather than the person. SPKI does not use any notion of trust, as the verifier is also the issuer. This is called an "authorization loop" in SPKI terminology, where authorization is integral to its design.^[^{דרוש מקור]}

History

The public disclosure of both secure key exchange and asymmetric key algorithms in 1976 by Diffie, Hellman, Rivest, Shamir, and Adleman changed secure communications entirely. With the further development of high speed digital electronic communications (the Internet and its predecessors), a need became evident for ways in which users could securely communicate with each other, and as a further consequence of that, for ways in which users could be sure with whom they were actually interacting.^[^{דרוש מקור]}

Assorted cryptographic protocols were invented and analyzed within which the new cryptographic primitives could be effectively used. With the invention of the World Wide Web and its rapid spread, the need for authentication and secure communication became still more acute. Commercial reasons alone (e.g., e-commerce, on-line access to proprietary databases from Web browsers, etc.) were sufficient. Taher Elgamal and others at Netscape developed the SSL protocol ('https' in Web URLs); it included key establishment, server authentication (prior to v3, one-way only), and so on. A PKI structure was thus created for Web users/sites wishing secure communications.^[^{דרוש מקור]}

Vendors and entrepreneurs saw the possibility of a large market, started companies (or new projects at existing companies), and began to agitate for legal recognition and protection from liability. An American Bar Association technology project published an extensive analysis of some of the foreseeable legal aspects of PKI operations (see ABA digital signature guidelines), and shortly thereafter, several US states (Utah being the first in 1995) and other jurisdictions throughout the world, began to enact laws and adopt regulations. Consumer groups and others raised questions of privacy, access, and liability considerations which were more taken into consideration in some jurisdictions than in others.^[^{דרוש מקור]}

The enacted laws and regulations differed, there were technical and operational problems in converting PKI schemes into successful commercial operation, and progress has been far slower than pioneers had imagined it would be.^[^{דרוש מקור]}

By the first few years of the 21st century the underlying cryptographic engineering was clearly not easy to deploy correctly. Operating procedures (manual or automatic) were not easy to correctly design (nor even if so designed, to execute perfectly, which the engineering required). The standards that existed were insufficient.^[^{דרוש מקור]}

PKI vendors have found a market, but it is not quite the market envisioned in the mid-90s, and it has grown both more slowly and in somewhat different ways than were anticipated.^[4] PKIs have not solved some of the problems they were expected to, and several major vendors have gone out of business or been acquired by others. PKI has had the most success in government implementations; the largest PKI implementation to date is the Defense Information Systems Agency (DISA) PKI infrastructure for the Common Access Cards program.^[^{דרוש מקור]}

Security issues

Usage examples

PKIs of one type or another, and from any of several vendors, have many uses, including providing public keys and bindings to user identities which are used for:

Encryption and/or sender authentication of e-mail messages (e.g., using OpenPGP or S/MIME).
Encryption and/or authentication of documents (e.g., the XML Signature [2] or XML Encryption [3] standards if documents are encoded as XML).
Authentication of users to applications (e.g., smart card logon, client authentication with SSL). There's experimental usage for digitally signed HTTP authentication in the Enigform and mod_openpgp projects.
Bootstrapping secure communication protocols, such as Internet key exchange (IKE) and SSL. In both of these, initial set-up of a secure channel (a "security association") uses asymmetric key (a.k.a. public-key) methods, whereas actual communication uses faster symmetric key (a.k.a. secret key) methods.
Mobile signatures^[5] are electronic signatures that are created using a mobile device and rely on signature or certification services in a location independent telecommunication environment.
Universal Metering Interface (UMI) an open standard, originally created by Cambridge Consultants for use in Smart Metering devices/systems and home automation, uses a PKI infrastructure for security.

Terminology

CA: Certificate authority
TTP: Trusted third party

References

^ "Mike Meyers CompTIA Security+ Certification Passport," by TJ Samuelle, page 137.
^ Single Sign-On Technology for SAP Enterprises: What does SAP have to say? [1]
^ Ed Gerck, Overview of Certification Systems: x.509, CA, PGP and SKIP, in The Black Hat Briefings '99, http://www.securitytechnet.com/resource/rsc-center/presentation/black/vegas99/certover.pdf and http://mcwg.org/mcg-mirror/cert.htm
^ Stephen Wilson, Dec 2005, "The importance of PKI today", China Communications, Retrieved on 2010-12-13
^ Mark Gasson, Martin Meints, Kevin Warwick (2005), D3.2: A study on PKI and biometrics, FIDIS deliverable (3)2, July 2005