An Introduction to Public Key Infrastructure (PKI)

1

Akenti - Certificate-based Access Control for
Widely Distributed Resources
Abdelilah Essiari Gary Hoo Keith Jackson
William Johnston Srilekha Mudumbai Mary Thompson
2
Motivation

• Distributed computing environments, collaborative
  research environments
• Resources, stakeholders and users are all
  distributed
• Spanning organizational as well as geographical
  boundaries, e.g., DOE Collaboratories
• Requires a flexible but secure way to identify
  users
• Requires a flexible and secure way for
  stakeholders to remotely specify access control
  for their resources

3
Goals

• Access based on policy statements made by
  stakeholders
• Handle multiple independent stakeholders for a
  single resource
• Use Public Key Infrastructure standards to
  identify users and create digitally signed
  certificates
• Emphasize usability

4
Approach

• Public Key Infrastructure (PKI)
• Architecture
• Usability features

5
Public Key Infrastructure

• Provides a uniform way for organizations to
  identify people or other entities through X.509
  identity certificates containing public keys.
• These certificates and keys can be used though
  secured connections (SSL) and possession of a
  private key to establish the identity of the
  entities on the connection.
• The keys can be used to provide digital
  signatures on documents. The authors and
  contents of signed documents can be verified at
  the time of use.
• Public Key Infrastructure is beginning to be
  widely deployed in terms of organizations running
  Certificate Authorities.

6
Akenti Access Control

• Minimal local Policy Files (authorization files).
  Who to trust, where to look for certificates.
• Based on the following digitally signed
  certificates
• X.509 certificates for user authentication
• UseCondition certificates containing stakeholder
  policy
• Attribute certificates in which a trusted party
  attests that a user possesses some attribute,
  e.g. training, group membership
• Can be called from any application that has an
  authenticated users identity certificate and a
  unique resource name, to return that users
  privileges with respect to the resource.

7
Required Infrastructure

• Certificate Authority to issue identity
  certificates (required)
• SSLeay provides simple CA for testing
• Netscape CA - moderate cost and effort
• Enterprise solutions - Entrust, Verisign,
• Method to check for revocation of identity
  certificates (required)
• LDAP server - free from Univ. of Mich.. Or comes
  with Netscape CA
• Certificate Revocation lists - supported by most
  CAs
• Network accessible ways for stakeholders to store
  their certificates (optional)
• Web servers
• MSQL web accessible data bases

8

AKENTI ARCHITECTURE
Cache Manager
Fetch Certificate
DN
Resource Server
Client
Akenti
DN
DN
Identity (X509) certificate on behalf of the user.
Log Server
Internet

Use condition or attribute certificates
LDAP
File Servers
Database Server
Web Server
DN
Identity certificates
Certificate Servers
9

AKENTI CERTIFICATE MANAGMENT
Stakeholders
S3
S4
S1
S2
Certificate Generator
C4(S4)
C1(S1)
C2(S2)
C3(S3)
Certificate Servers
Akenti
Hash Generator
Search based on resource name, user DN, and
attribute
10
Emphasis on usability

• Akenti certificate generators provide a user
  friendly interface for stakeholders to specify
  the use constraints for their resources.
• User or stakeholder can see a static view of the
  policy that controls the use of a resource.
• Akenti Monitor applet provides a Web interface
  for a user to check his access to a resource to
  see why it succeeded or failed.

11
Vulnerabilities

• Distributed certificates might not be available
  when needed.
• Independent stakeholders may create a policy that
  is inconsistent with what they intend. Easy to
  deny all access.

12
Related Work

• Ellison, et.al. SPKI - authorization certificates
• Nekander Partanen (HUT) SPKI style certificates
  for access permissions on Java code. To replace
  per/machine Java policy files.
• Blaze,Feigenbaum Policy Maker and KeyNote based
  on authorization certificates written in a
  specified executable language.
• Foster, Kesselman Globus Use of X.509 identity
  certificates to authenticate users.
• Ryutov, Neuman Generic Authorization and
  Access-control API - and IETF draft standard t
  define an interface for authorization.

13
Status

• Akenti enabled Apache Web servers deployed at
  LBNL and Sandia.
• Controlling Akenti code distribution, secure
  data/image repository, ORNL electronic notebooks
• We have given code to CONDOR, Univ. of Wisc.,
  WebFlow at Syracuse Univ., NIST, and ISI/USC
• Servers run on Solaris, but client code runs on
  Linux as well
• Java interface to Akenti policy engine exists and
  is used by the Anchor agent code.

14
Future Directions

• Implement Akenti as a standalone server
• Expand Use Conditions to include dynamic
  variables such as time-of-day, originating IP
  address, state variables.
• Change syntax of certificates, probably to XML.
  We already have a Matchmaker want-ad style in
  addition to our original key-word/value syntax.
• Add delegation - probably in the form of
  authorization certificates
• Integrate with additional applications
• Network bandwidth Quality of service,
• Secure Mobile agents,
• Group key agreement protocol.

15
Conclusions

• As enterprises deploy PKI, identifying users by
  their identity certificates will become natural
  and transparent.
• Currently there are several competing standards
• browsers, Netscape and Explorer
• Entrust - own client interface
• Akenti/SSL overhead acceptable for medium grained
  access checking. E.g , starting an operation,
  making a authenticated connection.
• Ease of use for stakeholders must be emphasized.