DIPARTIMENTO   DI   INFORMATICA
Università di Torino

Research Report Year 1998

INNOVATIVE APPLICATIONS OF INFORMATION TECHNOLOGY


PUBLIC KEY CERTIFICATION AND SECURE WEB SERVER

Project Member

Francesco Bergadano

Full Professor

Francesco.Bergadano(at)di.unito.it

Sergio Rabellino

Technical Staff

rabellino(at)di.unito.it

Bruno Crispo

Ph. D. Student


Research activity in 1998

The Department of Computer Science has established a public key certification service (Certification Authority, CA) that allows University users to exchange signed and encrypted mail using Netscape Communicator/Messenger or Internet Explorer/Outlook, and allows the installation of SSL secure Web servers. The services were tested during 1998 and are available to the whole University starting from the first quarter of 1999. To reach this large user base, a number of registration authorities (RAs) have been made operational, so that certificates may be requested at the main University sites.

Public key certification is the most critical aspect of communication privacy and authentication, especially when digital signatures are involved. A wrong association between a public key and a user can cause serious and long-lasting damage. A Certification Authority is normally used to publish reliable user-to-public-key correspondences, in the form of a public key certificate. Our CA distributes certificates under the X.509 standard, including user data such as name and affiliation, the user's public key, a serial number, and the CA's digital signature. Certificates can then be exchanged by users without further communication with the CA, in order to determine public key ownership when exchanging encrypted and/or signed data. This is useful for electronic mail, for access to secure WWW servers, and for the offline verification of digital signatures.

The department CA offers a service distributing X.509 (version 3) certificates that may be used in popular mail and browsing tools such as Netscape Communicator and Microsoft's Internet Explorer. The public key cryptosystem used is RSA asymmetric encryption with the MD5 message digest, as available in the international OpenSSL implementation (version 0.9.2). The implementation is not subject to US export restrictions and is compatible with standard mail tools and browsers. For Netscape Communicator, certificates must then be combined with the user's private key in the PKCS12 format, so that they may be loaded in the browser. This is also available from the OpenSSL package.

Two distinct CA services are available.

The first is to be used mainly as a demo service, and relies on the user's browser to generate 512 bit RSA keys. The public key is then sent to the CA, a few automatic checks are performed, and a certificate is generated and made available to the user via HTTP. The user then requests the certificate from the relevant CA address. The browser automatically installs the certificate, combined with the private key that was kept on the client. This first service is weak from a security perspective, especially due to the 512 bit keys, but also because the browser is used for key generation, and because key ownership tests are deliberately simple and automatic. However, the service may be useful for training our users in performing private and authenticated communications, and for putting them at ease with digital signatures.

The second certification service we offer is stronger, and requires face-to-face or voice/telephone identity verification. A Windows (NT/9x) package called Certification Tool (http://ca.unito.it/certtool.html) has been implemented and made available with its source code to our users. The Sun Solaris implementation is under way. The package includes the needed OpenSSL functions, and runs on the client host.

It allows the user to:
(1) generate a 1024 bit asymmetric key pair;
(2) view and store the key fingerprint;
(3) prepare a certificate request and send it to our CA address;
(4) receive the certificate when it becomes available, combine it with the local public key and load it in the browser.
On the CA side, the certificate request is stored in a temporary directory. Periodically, we move the certificate requests to an offline computer and generate the certificates, after verifying user identity and key fingerprints over the telephone, or with the physical presence of the owner. Then, certificates are made available over the network, so that the Certification Tool program may load them. For users who need to access public terminals, or want portable cryptographic hardware, the certificates may be loaded on a smart card. Our service provides support for the Gemplus GPK4000S card.

Finally, certificates are distributed publicly via the LDAP protocol, which is accessed by commercial browsers as a standard directory service over TCP/IP. The publication of a certificate revocation list over the Web is also available, together with the implementation of an online revocation service, separate from the CA. Users must be contacted for revocation when the private key has been lost, but even non-signed certificate revocation requests are stored and made known on a separate list. Time is critical in certificate revocation.
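The certification workflow described above (client-side key generation, certificate request, fingerprint comparison by the RA, issuance on the CA host, PKCS12 bundling for the browser, CRL publication and revocation), as an added example that is not part of the original report and not the department's Certification Tool. It drives the openssl command-line tool from a POSIX shell script. The CA configuration, the names (Example Dept, Mario Rossi, rossi@example.invalid) and all paths are invented for the example, and it uses 2048 bit RSA with SHA-256 rather than the 1024 bit keys and MD5 digest of the 1998 service, because current OpenSSL builds refuse MD5 signatures and may refuse 1024 bit keys at their default security level.

```shell
#!/bin/sh
# Added example, not the department's code: a miniature X.509 CA driven from
# the openssl CLI. Modern parameters (2048-bit RSA, SHA-256) replace the 1998
# report's 1024-bit keys and MD5. All names and paths are invented.
set -e

# Minimal configuration for `openssl req` and `openssl ca`, written into $1.
# The CA database directory is taken from the CA_DIR environment variable.
write_config() {
  cat > "$1/ca.cnf" <<'EOF'
[ ca ]
default_ca = demo_ca
[ demo_ca ]
dir              = $ENV::CA_DIR
database         = $dir/index.txt
new_certs_dir    = $dir/newcerts
serial           = $dir/serial
crlnumber        = $dir/crlnumber
certificate      = $dir/ca.crt
private_key      = $dir/ca.key
default_md       = sha256
default_days     = 365
default_crl_days = 30
policy           = policy_any
x509_extensions  = usr_cert
[ policy_any ]
organizationName = optional
commonName       = supplied
emailAddress     = optional
[ req ]
distinguished_name = req_dn
x509_extensions    = v3_ca
[ req_dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage         = critical, keyCertSign, cRLSign
[ usr_cert ]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth, emailProtection
EOF
}

# CA side: root key, self-signed CA certificate, empty database and an initial
# (empty) CRL, so relying parties can check revocation from day one.
pki_setup() {
  export CA_DIR="$1"
  write_config "$1"; mkdir -p "$1/newcerts"; : > "$1/index.txt"
  echo 1000 > "$1/serial"; echo 1000 > "$1/crlnumber"
  openssl req -config "$1/ca.cnf" -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/O=Example Dept/CN=Example Dept CA" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
  openssl ca -config "$1/ca.cnf" -gencrl -out "$1/ca.crl" 2>/dev/null
}

# Client side: the key pair never leaves the user's host; only the CSR travels.
client_request() {
  openssl req -config "$1/ca.cnf" -new -newkey rsa:2048 -nodes \
    -subj "/O=Example Dept/CN=Mario Rossi/emailAddress=rossi@example.invalid" \
    -keyout "$1/user.key" -out "$1/user.csr" 2>/dev/null
}

# Key size read back from a private key; the 512-bit demo keys would fail a ">= 2048" policy.
key_bits() { openssl rsa -in "$1" -noout -text 2>/dev/null | sed -n 's/.*Private-Key: (\([0-9]*\) bit.*/\1/p'; }

# Public-key fingerprint (SHA-256 over the DER SubjectPublicKeyInfo). The RA reads the
# CSR's value back to the user by telephone; it must equal the value in the issued cert.
pubkey_fp()   { openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'; }
csr_key_fp()  { openssl req  -in "$1/user.csr" -noout -pubkey | pubkey_fp; }
cert_key_fp() { openssl x509 -in "$1/user.crt" -noout -pubkey | pubkey_fp; }

# CA side: issue from the CSR; later revoke and republish the CRL.
issue_cert()  { export CA_DIR="$1"; openssl ca -batch -notext -config "$1/ca.cnf" -in "$1/user.csr" -out "$1/user.crt" 2>/dev/null; }
revoke_cert() { export CA_DIR="$1"; openssl ca -config "$1/ca.cnf" -revoke "$1/user.crt" 2>/dev/null
                openssl ca -config "$1/ca.cnf" -gencrl -out "$1/ca.crl" 2>/dev/null; }

# Browser import: certificate plus private key bundled as PKCS12 (password "demo" is a placeholder).
make_p12()    { openssl pkcs12 -export -in "$1/user.crt" -inkey "$1/user.key" -out "$1/user.p12" -passout pass:demo; }
p12_serial()  { openssl pkcs12 -in "$1/user.p12" -passin pass:demo -nokeys -clcerts 2>/dev/null | openssl x509 -noout -serial; }
cert_serial() { openssl x509 -in "$1/user.crt" -noout -serial; }

# Relying-party check, as a browser or SSL server does it: chain to the CA and
# consult the current CRL. Prints valid, revoked or invalid.
cert_status() {
  if out=$(openssl verify -crl_check -CAfile "$1/ca.crt" -CRLfile "$1/ca.crl" "$1/user.crt" 2>&1); then echo valid
  elif echo "$out" | grep -q "certificate revoked"; then echo revoked
  else echo invalid; fi
}

# Stand-alone walk-through in a temporary directory.
main() {
  d=$(mktemp -d); pki_setup "$d"; client_request "$d"
  echo "user key: $(key_bits "$d/user.key") bit, CSR key fp: $(csr_key_fp "$d")"
  issue_cert "$d"; echo "cert key fp: $(cert_key_fp "$d"), status: $(cert_status "$d")"
  make_p12 "$d";   echo "PKCS12 carries $(p12_serial "$d"), cert has $(cert_serial "$d")"
  revoke_cert "$d"; echo "status after revocation: $(cert_status "$d")"; rm -rf "$d"
}
main
```

The fingerprint step is the one that carries the identity binding: the RA compares the value the user reads over the telephone (computed from the CSR on the user's host) with the value computed from the certificate before publishing it. The final `cert_status` call shows why the report calls time critical in revocation: a relying party only sees the revocation after the CA has regenerated and published the CRL.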

The department has also installed a secure WWW server (Apache with the SSL protocol, under the OpenSSL implementation). This server distributes authenticated information to internal users. The information is restricted to Department personnel, and users are authenticated via asymmetric cryptography if they have a public key pair certified by our CA. If not, HTTP user authentication is performed with a userid/password. Because client-to-server traffic is encrypted in either case, the password cannot be read over the local area network. Strong 128 bit symmetric encryption is made available to users through the "FORTIFY" modification of the standard Netscape Communicator browser.

The layering of SSL below the POP3/IMAP4 protocols is to be explored, with attention to the privacy of login/password pairs, which are normally visible on the network, especially when users contact the mail server from a mobile client or from a home account. A first test implementation is now available to the users of the Department and will be proposed as a standard for the University in the second quarter of 1999.


Administrator: wwwadm[at]di.unito.it Last update: May 17, 2018