Wireless Certificates

PKI Forum, TWG, Munich 2001 Meeting
© Siemens AG 2001. ICN ISA TNA. Dr. Oliver Pfaff. June, 2001
Trusted Networks & Applications

Contents
• M-Business
• Wireless PKI
• Conclusions
Trusted Networks & Applications - E-Business Security

M-Business
• Intends to supply ubiquitous access to digitally represented business processes.
• Classical security requirements occur:
  - Integrity
  - Authentication
  - Non-repudiation
  - Confidentiality
• Classical security solutions apply:
  - Security infrastructure
  - Information- and/or transport-bound security services
  - Security token
• Considered as variant of E-Business that is accommodating mobile users: “M-Business = Internet + E-Business + Mobility” [Siemens I&C]

E-/M-Business Model
[Figure, labels only: Customer; Home, hotel,...; Office; Network operator; PSTN; Intranet; IP network; Mobile; PSTN; E-/M-Business service; Service portals; Service frontend; Business logic; Service backend; Mobile network span; Wireless PKI focus; Mobile business span]

M-Business Solutions: Constraints and Approaches
• Limitations of wireless devices/networks constrain M-Business solutions:
  - Devices are restricted with respect to battery, display, keyboard, memory, or processor capacity.
  - Networks are based on narrow-band bearers with high latency.
• These limitations apply to mobile security architectures, in particular. But they are becoming less significant with new device and network generations.
• Current approaches to deliver Internet contents/services to wireless devices:
  - iMode: Based on HTTP as well as an HTML subset (cHTML - compact HTML). Services are provided via HTTP proxies. Solution is being developed by NTT DoCoMo (www.nttdocomo.com).
  - WAP - Wireless Application Protocol: Version 1.n specifications are based on an own protocol suite and XML. Services are provided via WAP gateways. Specifications are being developed by the WAP Forum (www.wapforum.org), a global industry consortium.

WPKI - Wireless PKI: Overview
• Public key infrastructure that is designed to support automated identification, authentication, and authorization services in mobile environments.
• Work item of the WAP Forum Security Working Group (WSG). The following PKI specifications are currently available:
  - WTLS certificate: part of the WTLS specification (status: ‘approved’). Provides a simple, non-ASN.1 certificate format.
  - WAPCert: ‘WAP Certificate and CRL Profile’ (status: ‘proposed’). Provides a compact certificate profile based on PKIX.
  - WPKI: ‘WAP PKI Definition’ (status: ‘proposed’). Supports WTLS, X.509-WAPCert, and X.509-PKIX certificates.
• Basis for efforts of other industry consortiums, including:
  - MeT (Mobile Electronic Transactions; www.mobiletransaction.org)
  - Mobey (promoter of mobile financial services; www.mobeyforum.org)
  - MoSign (Mobile Signature, a German trial effort; www.mosign.de)
  - Radicchio (promoter of wireless PKI; www.radicchio.org)

WPKI Entities
[Figure, labels only: End entity; RA; Repository; PKI portal; CA]
• End entity: Entity that is using (e.g. validating) certificates or is a subject of certificates.
• Registration authority (RA): Entity that is authorized to make requests to issue/revoke/update certificates to a CA.
• Certification authority (CA): Issues/updates/revokes public key certificates in response to authenticated requests from legitimate RAs.
• PKI portal: Entity that provides services to WAP end entities and performs RA and/or CA functions. It is required to be both WAP and PKI aware.
• Repository: System(s) that support(s) the distribution of certificates and CRLs.

WPKI Applications
• Already specified (and covered by the current ‘WAP PKI Definition’):
  - Transport-bound security services:
    - Server authentication (aka: WTLS class 2/3, since WAP 1.0)
    - Client authentication (aka: WTLS class 3, since WAP 1.0)
  - Information-bound security services:
    - Signature generation at the client side (via WMLScript ‘signText’, since WAP 1.2).
• Under development (not covered by the current ‘WAP PKI Definition’):
  - Information-bound security services:
    - Signature validation at the client side (e.g. signed scripts or active contents such as WTA - Wireless Telephony Application objects)
    - Encryption at the client side (i.e. wrapping symmetric keys)
    - Decryption at the client side (i.e. unwrapping symmetric keys)
• Remark: WAP security applications are optionally accompanied by a WIM - Wireless Identification Module; WAP includes a WIM specification.

WPKI Certificate Taxonomy (WAP 1.n)
Client certificates:
  Certificate type: X.509-WAPCert
    Refers to: Client and issuing authority certificates
    Applies to: Certificates stored upon clients or sent over-the-air
  Certificate type: X.509-PKIX
    Refers to: Client and issuing authority certificates
    Applies to: Certificates not stored upon clients and not sent over-the-air
Server certificates:
  Certificate type: WTLS certificate
    Refers to: WTLS server and issuing authority certificates
Remark: The WTLS certificate format is going to be deprecated when migrating from WTLS to TLS with WAP-NG. It is going to be substituted by the WAPCert profile.

WTLS vs. X.509v3 Certificate Formats
WTLS certificate format (ad-hoc, not ASN.1 encoded):
  certificate_version
  signature_algorithm
  issuer
  valid_not_before
  valid_not_after
  subject
  public_key_type
  parameter_specifier
  public_key
  signature
X.509v3 certificate format (ASN.1 encoded):
  version
  serialNumber
  signature
  issuer
  validity
  subject
  subjectPublicKeyInfo
  issuerUniqueID
  subjectUniqueID
  extensions
  signatureAlgorithm
  signatureValue

WAPCert Certificate Profile on Base of PKIX-X.509v3
Certificate fields:
  version
  serialNumber
  signature
  issuer
  validity
  subject
  subjectPublicKeyInfo
  extensions
  signatureAlgorithm
  signatureValue
The WAPCert profile is based upon the PKIX profile (RFC 2459; certificate versions: v1/v3). It applies to client certificates stored in WAP devices and transmitted in WAP protocols.
WAPCert requirements beyond RFC 2459:
• SerialNumber: limited to 8 bytes.
• Signature: sha1WithRSAEncryption or ecdsa-with-sha1.
• Issuer/subject: recommends the serialNumber (X.520) attribute for short and locally unique distinguished names.
• SubjectPublicKeyInfo: rsaEncryption or id-ecPublicKey
• Extensions: provides additional domainInformation attribute to enforce OCSP and/or link non-critical extensions not contained in the certificate (extension URL and hash value are included).

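The WAPCert limits on serialNumber, signature algorithm and public key type listed above can be checked mechanically; the following is an added example, not part of the original slides. The function names, the skeleton certificates built by sample_cert (constructed, with empty names and dummy signatures) and the choice to count the 8-byte limit in DER content octets are assumptions of this example.

```python
# Added example, not from the slides: WAPCert limits checked with a tiny DER reader.
SIG_ALGS = {"1.2.840.113549.1.1.5", "1.2.840.10045.4.1"}  # sha1WithRSAEncryption, ecdsa-with-sha1
KEY_ALGS = {"1.2.840.113549.1.1.1", "1.2.840.10045.2.1"}  # rsaEncryption, id-ecPublicKey

def children(value):
    """Split DER content octets into (tag, value) pairs (definite lengths only)."""
    out, pos = [], 0
    while pos < len(value):
        tag, length, pos = value[pos], value[pos + 1], pos + 2
        if length & 0x80:                   # long form: n length octets follow
            n = length & 0x7F
            length, pos = int.from_bytes(value[pos:pos + n], "big"), pos + n
        if pos + length > len(value):
            raise ValueError("truncated DER element")
        out.append((tag, value[pos:pos + length]))
        pos += length
    return out

def first_oid(alg_id):                      # dotted OID of an AlgorithmIdentifier (first arc 0 or 1)
    val = children(alg_id)[0][1]
    arcs, acc = [val[0] // 40, val[0] % 40], 0
    for b in val[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:                    # high bit clear: last octet of this arc
            arcs, acc = arcs + [acc], 0
    return ".".join(map(str, arcs))

def wapcert_violations(cert_der):
    """List the WAPCert requirements from the slide that cert_der breaks."""
    tbs = children(children(children(cert_der)[0][1])[0][1])
    if tbs[0][0] == 0xA0:                   # explicit [0] version, absent in v1
        tbs = tbs[1:]
    serial, sig_oid = tbs[0][1], first_oid(tbs[1][1])
    key_oid = first_oid(children(tbs[5][1])[0][1])
    checks = [(len(serial) <= 8, f"serialNumber is {len(serial)} bytes, limit is 8"),
              (sig_oid in SIG_ALGS, f"signature algorithm {sig_oid} not allowed"),
              (key_oid in KEY_ALGS, f"public key type {key_oid} not allowed")]
    return [msg for ok, msg in checks if not ok]

def _tlv(tag, *parts):                      # short-form DER encoder for the samples
    return bytes([tag, sum(map(len, parts))]) + b"".join(parts)

def sample_cert(serial, sig_hex, key_hex):
    # Constructed skeleton: empty names and validity, dummy signature bits.
    alg = lambda h: _tlv(0x30, _tlv(0x06, bytes.fromhex(h)), _tlv(0x05))
    tbs = _tlv(0x30, _tlv(0xA0, _tlv(0x02, b"\x02")), _tlv(0x02, serial), alg(sig_hex),
               _tlv(0x30), _tlv(0x30), _tlv(0x30), _tlv(0x30, alg(key_hex), _tlv(0x03, b"\x00")))
    return _tlv(0x30, tbs, alg(sig_hex), _tlv(0x03, b"\x00"))

SHA1_RSA, MD5_RSA, RSA_KEY = "2a864886f70d010105", "2a864886f70d010104", "2a864886f70d010101"
```

Calling wapcert_violations(sample_cert(bytes(range(1, 10)), MD5_RSA, RSA_KEY)) reports the oversized serial number and the disallowed signature algorithm.
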
WPKI Operations
• Key generation
  - May be upon devices (such as WIM) or externally; may be local or central.
  - Different keys are required for different PKI applications (esp. for client authentication and digitally signing).
• Certification request
  Processed by an RA. PKI registration may be part of device/service provisioning or performed upon user request. Formats/protocols to transfer public keys and to provide proof of private key possession (POP):
  - Server certificates: PKCS#10
  - Client certificates (authentication): WTLS
  - Client certificates (digital signature): signText format
  PKI registration may be assisted by devices delivered with initial key pairs and pre-installed ‘device certificates’ (allowing manufacturers to make statements regarding key quality, device properties, and related procedures).
• Certificate issuance
  Performed by a CA upon legitimate request by an RA. Binding of a specific key usage (e.g. client authentication and digitally signing) is recommended. Due to storage limitations, multiple certificates may be issued per client key pair.

WPKI Operations (cont’d)
• Certificate delivery/distribution
  - CA certificates: may be provisioned as part of device/service supply as well as downloaded. Authentication of self-signed CA certificates may be provided out-of-band by a fingerprint mechanism or in-band by an additional signature (verification key certified by another CA instance).
  - End entity certificates: client certificate-IDs make it possible to avoid client-side storage as well as over-the-air distribution of client certificates. Such client certificates are provided by repository services.
• Certificate validation
  Performed by end entities. It is intended to mark trusted certificates upon clients (e.g. ‘telephony service provider root’) in order to be able to control certain applications such as download of WTA objects.
• Certificate revocation
  In order to obviate revocation services upon clients, short-lived WTLS server certificates are suggested (CAs simply stop issuance).
• Certificate update
  Currently specified for CA certificates: employs the signature variant for the distribution of self-signed certificates (cf. above).

Certificate Distribution via Client Certificate-IDs
(here: key generation upon WIM as an infrastructure service)
[Figure, entities: RA/CA service; WAP client; E-/M-Business service; Repository service]
Figure steps:
  0: CA certificate provisioning
  1: Provide private key and client certificate-ID upon WIM
  2: Request client certificate via ID
  3: Publish client certificate
  4: Transmit signed data with client certificate-ID
  5: Retrieve certificate via client certificate-ID
  6: Validate client certificate
• Allows to:
  - Offload client certificate handling from mobiles.
  - Save over-the-air distribution of client certificates.
  - Support identity establishment with or without ‘writing’ onto security token after device provisioning.
• Current application scenarios:
  - WTLS client authentication
  - Digitally signing via WMLScript ‘signText’
• Identification options:
  - Key hash
  - Issuer and serial number
• Retrieval may be based on HTTP or LDAP URLs.

Infrastructure Core vs. Boundary
[Figure, labels only: WPKI service consumers; (W)PKI portal; RA; Repository; CA; (W)PKI service providers]
WPKI specific processing:
• Client certificates
  - POP during PKI registration based upon WAP security mechanisms.
  - WAP in-band distribution requires X.509-WAPCert certificates. WAP out-of-band distribution is based on IDs; certificates comply with PKIX.
• Server certificates
  Currently based upon the proprietary WTLS certificate format, which is going to be deprecated with WAP-NG.
• Trusted certificates
  Provisioning and update are based upon WPKI structures delivered with specific MIME types.
Thus, wireless PKI constraints may largely be accommodated at the infrastructure border.

Outlook: XKMS as Potential WPKI Enabler
XKMS - XML Key Management Specification:
• Provides XML-based interfaces to PKI:
  - Supports clients in accessing and using public keys.
  - Shields clients from syntax, semantic, as well as trust model issues of engaged PKI domains.
  Thus, XKMS would allow offloading (client and server) certificate handling from mobiles.
• XKMS responders may be part of network operator services.
• Remark: XKMS assumes clients to be XML and XMLDSig aware (e.g. <KeyInfo> handling) to an extent currently not supported by WAP. Thus, the sketched scenario addresses long term opportunities.
[Figure, labels only: WPKI service consumers; XKMS services; (W)PKI service providers; RA; Repository; CA]
WPKI service consumers deploy:
  - Basic asymmetric services
  - XKMS services integration
XKMS services provide:
  - ASN.1 parsing
  - Key recovery
  - Object retrieval
  - Path construction and processing
  - PKI/attribute registration
  - Status checking
  - Trust model processing

Conclusions
• Business development aspects:
  - Wireless PKI may see truly large consumer PKI domains rapidly due to existing business processes (e.g. device provisioning), available local infrastructure (e.g. network provider outlets), and product properties (e.g. smart card capabilities in GSM/GPRS phones).
• Best-of-both-worlds / how to?
  - Avoid multiple infrastructures when offering E-/M-Business services via multiple distribution channels such as Web and WAP:
    - Unify infrastructure core.
    - Accommodate necessary deviations at infrastructure boundary, i.e. as part of service provisioning.
  - Emerging XKMS services promise adequate support for wireless needs (lean clients) and are becoming a matter of WAP-NG considerations.
• Technical aspects:
  - Compared to classical (i.e. originally wired) PKI efforts, WPKI is no new solution approach; it essentially resembles X.509v3 and PKIX ideas.
  - In part, WPKI documents define formats, protocols, and procedures that deviate from classical approaches.

Author Information
Dr. Oliver Pfaff
Technology Area Manager
E-Business Security
Siemens AG
Information and Communication Networks
Postal Address: Siemens AG - ICN ISA TNA, D-81370 Munich
Office Address: Charles-de-Gaulle-Str. 2
Tel. +49.89.722.53227
Fax: +49.89.722.53249
Mobile: +49.172.8250805
E-Mail: [email protected]