Public Key Technology in Windows 2000
The Windows 2000 operating system has a built-in public key infrastructure (PKI) to address the business needs of enterprises that want to conduct e-commerce over the Internet. In this chapter, the authors discuss PKI architecture, interoperability issues, and applications that use Windows 2000's PKI infrastructure.
The Windows 2000 operating system has a built-in public key infrastructure (PKI) to address the business needs of enterprises that want to conduct e-commerce over the Internet. The built-in PKI provides a distributed authentication model that scales to the Internet and that interfaces with existing PKI trust infrastructures, enabling large-scale deployment of e-commerce applications. Furthermore, an enterprise can leverage the built-in PKI to enhance the security of its internal networks by using, for example, smart cards instead of passwords for domain network log-on.
We start by presenting a list of Windows 2000 applications that use public key technology to address their security needs. We then discuss the Windows 2000 public key security architecture and provide basic information on the Windows 2000 PKI. Finally, we turn our attention to the interoperability issues and examine the various levels of interoperability between Windows 2000 PKI and a third-party PKI.
Windows 2000 leverages public key technology to address the security needs of a wide range of real-world business-to-consumer and business-to-business applications. This section presents the major applications that have an underlying public key security.
Secure E-Commerce: TLS/SSL
The Internet has already crossed the chasm between a publishing platform and a platform to conduct on-line business. Shopping malls and merchants have set up secure Web sites to extend their businesses to on-line consumers and to receive payments. The secure Web sites enable consumers to verify the identity of merchants and to ensure the privacy of their transactions and payment information.
Windows 2000 provides an infrastructure to enable business-to-consumer e-commerce. The support for Secure Socket Layer (SSL) 3.0 [FRIE96] and Transport Layer Security (TLS) 1.0 protocols [DIER99], public key certificates, and embedded trust points in browsers are the key cornerstones of this infrastructure. The TLS/SSL protocols provide security over public networks and prevent communications eavesdropping, tampering, and forgery. Client/server applications use the TLS handshake protocol to authenticate each other and to negotiate an encryption algorithm and cryptographic keys before an application starts transmitting data. The handshake protocol uses public key cryptography, such as RSA [RIVE78] or DSS [DSS94], to authenticate peers and to negotiate a shared secret. Public key certificates provide evidence for the identity of merchants; consumers use their own local policies to decide how much trust to place in these certificates.
Once a channel is authenticated, TLS uses symmetric cryptography, such as DES [DES83] or RC4, to encrypt the application data in the negotiated shared secret prior to transmission over the network. Message transmission includes a message integrity check, using a keyed message authentication code (MAC) [KRAW97], computed by applying a secure hash function, such as SHA [SHA94] or MD5 [RIVE92]. Encryption of application data ensures the privacy of communications and payment information with a Web server, whereas message integrity checks prevent communications tampering and forgery.
Supporting Distributed Business Partners: TLS/SSL Client-Side Authentication
The Internet is undoubtedly the ultimate platform for distributed computing. The general public uses the Internet to access information, to view catalog information, and to place orders. Company employees who are on the road or working from home connect to their favorite Internet service providers and access their company's intra-net to carry out their tasks. Similarly, a company's business partners use the Internet to access privileged resources from the company's extranet and to perform a variety of business-to-business processes, such as supply chain management and customer relations management.
Supporting on-line business-to-business relationships poses a unique challenge: the need for distributed authentication. An enterprise must be able to reliably authenticate its distributed partners to determine and to enforce their access rights to its internal resources. The authentication mechanism must scale to thousands of partners-millions of consumers for business-to-consumer applications-and must be flexible; it must be administratively easy to add a new business partner or to remove a partner no longer authorized to use the extranet.
Windows 2000 leverages public key technology to offer a flexible solution for distributed authentication. An enterprise can issue client certificates for its business partners or consumers and use Windows 2000 PKI to authenticate partners, based on their certificates. The authentication hinges on the client-side authentication in TLS, public key certificates, and trust points in a Web server. During the TLS handshake protocol, a Web server can ask a client for its certificate and confirm the client's identity, based on the submitted certificate and the Web server's trust policy. The protocol allows a browser to display a suitable list of available certificates to a client; browsers enhanced with additional software can further customize this list and provide branding information.1 After a Web server verifies a client certificate, Windows 2000 provides a mapping mechanism to relate the external identity of a distributed user to an internal enterprise identity. Windows NT 4.0 supports the mapping within the Internet Information Services (IIS); Windows 2000 provides an alternative approach by defining the mappings within Active Directory. The mapping can be either many-to-one, associating many clients to one Windows account, or one-to-one, relating one client to one Windows account. Windows 2000 provides a great deal of flexibility for setting up the mapping relationships between client public key certificates and Windows accounts, such as using the certificate issuer or subject fields as mapping parameters.
Windows 2000 uses the enterprise identity of an external client for updating account information and generating audit trails. Equally important is enforcing access-control rules and ensuring that a distributed partner accesses only the intended resources. When mapping an external user to a Windows account, Windows 2000 uses the access rights of the mapped account to determine and to enforce access rights. An enterprise can set up an account for each distributed partner with the proper access rights to its extranet; Windows 2000 provides built-in operating system support to enforce the rights.
Strong Network Authentication: Smart Cards
Passwords have traditionally been a weak link in the overall security of an authentication system [FEGH98]. Passwords have poor random qualities because humans need to be able to memorize them. Users typically need to remember a number of passwords to access various systems and tend to forget their passwords, requiring an administrative process to reissue new passwords, which further weakens the overall security of a system.
Windows 2000 supports smart cards for strong, interactive network authentication. Smart cards hold cryptographic public key-based keys that have much better random qualities than do passwords. Users interactively log on to their domain accounts by proving that they are in possession of the private keys corresponding to their public key certificates. Windows 2000 implements the required public key extensions to Kerberos to enable smart card log-on. Furthermore, Windows 2000 PKI has the necessary machinery to issue certificates in smart cards for network users. See Chapter 2 for more information on Windows 2000 smart card interactive log-on.
Distributing Authenticated Code: Authenticode 2.0
The Internet provides an extremely effective platform for distributing software. Many Web sites have content containing downloadable code, such as ActiveX controls, Java applets, or scripts, that transports to browsers during Web surfing. Once downloaded, the code runs on the client computers and performs tasks ranging from simple error checking on HTML (Hypertext Markup Language) forms to such sensitive operations as reading personal files. Downloadable code adds programming logic to digital content, enhances the functionality of the browser, and improves the user experience. Unfortunately, rogue Web sites can use the same distribution channel to download harmful code to client computers for fraudulent purposes. Furthermore, attackers can infect downloadable code with a virus while in transit from a legitimate Web server to end users' desktops.
Authenticode 2.0 provides accountability for downloadable code and ensures the integrity of code while in transit. Authenticode uses public key certificates issued for software publishing to create a digital signature over an executable program, a cabinet file, a digital thumbprint, an ActiveX control, a dynamic link library (DLL), or a certificate trust list (CTL). The signature binds the code to the identity of its publisher; the software publishing certificate vouches for the identity of the publisher and creates accountability. When a Web surfer downloads digital content that contains signed code, a browser interrupts2 the download process and prompts the user for approval. Trust in the certification authority that has issued the software publishing certificate, the software publisher, and other local policy trust decisions determine whether the user approves the signed code. See [FEGH98] for an overview of the Authenticode technology.
Laptop and Desktop File System Security: EFS
The Windows NT file system (NTFS) protects sensitive files against improper access but is helpless to prevent an attacker from running another operating system, such as UNIX or MS-DOS, to inspect NTFS-based files on disk structures. An attacker can boot another operating system from the floppy when a computer boots or may physically remove a hard disk and install it in a computer with a different operating system. Tightening the physical security helps minimize such attacks, but such measures are not as effective against insider attacks and do not work when an employee carries around sensitive information on a laptop.
Data encryption provides the only safeguard against such attacks. A stolen lap-top or hard disk is useless if the attacker cannot decipher encrypted files. Although a number of products in the marketplace offer application-level file encryption, they generally suffer from inherently weak password-derived keys for encryption, are not transparent, and do not have recovery agents.
Windows 2000 provides a built-in data encryption service called Encrypting File System (EFS). EFS uses symmetric key cryptography for encryption and public key cryptography for securing the random symmetric keys. Encryption and decryption of files are transparent to end users and happen seamlessly when data travels to and from disk structures. EFS supports file sharing among any number of users by keeping a copy of a random symmetric key encrypted in the public key of each user. Built-in data recovery agents allow an enterprise to enforce its local policy on EFS, such as recovering encrypted files when employees leave or when they lose their private keys. Refer to [MICR00D] for an in-depth discussion of EFS.
Secure E-Mail: S/MIME
The use of e-mail for business-to-consumer transactions has already taken off as a replacement for regular mail. Businesses now use e-mail to inform consumers about their promotions, send monthly billing statements, confirm stock trades, and so on. Conventional Internet e-mail, however, does not provide the same quality of service that regular mail provides. E-mail is, for example, vulnerable to eavesdropping and counterfeiting. Secure e-mail, however, provides many of the protections that people associate with regular mail, providing message origin authentication, message integrity, nonrepudiation of origin, and message confidentiality. Secure e-mail furnishes writer-to-reader security, which protects an e-mail from the moment it leaves a sender's mailing tool until it arrives at a recipient's mailing tool.
Windows 2000 supports the S/MIME (Secure Multipurpose Internet Mail Exchange) protocol for securing e-mail messages in the Internet. S/MIME leverages symmetric key cryptography for confidentiality, public key cryptography for authentication and nonrepudiation, and a formal public key infrastructure for accountability. The Windows 2000 built-in PKI provides the required machinery to implement S/MIME in an enterprise.The flexibility of the Windows 2000 PKI allows an enterprise to chain an internal trust point to an external, commercial trust point, in order to extend the secure e-mail protections beyond its internal boundary.An enterprise also has the flex-ibility to outsource the entire management for its S/MIME PKI to a third-party trust provider, such as VeriSign. Chapter 5 and Chapter 9 discuss such integration considerations with third-party trust providers and external trust infrastructures in detail.
Network-Level Secure Communications: IPsec
Securing network traffic at the IP layer provides transparency and end-to-end security. Applications and higher-layer protocols, such as TCP or UDP, can transparently leverage the IP-layer security services without requiring any code changes. The provided end-to-end security services protect packets from the moment they leave a source IP node until they arrive at a destination IP node. In contrast, security services at a layer above the IP layer do not have the transparency property; security services at a layer below the IP layer do not have the end-to-end property.
IP Security (IPsec) lays a security architecture for the Internet Protocol and provides high-quality, cryptographically based security services for authentication, integrity, confidentiality, and access control. IPsec-enabled systems select the security features they need and communicate securely over insecure networks with other IPsec-enabled systems. IPsec secures IP packets at the network level according to the security policy of a communicating IP node before forwarding them to the network interface layer for transmission; the intended receiving IP node verifies the packets according to the established security associations and rejects packets that do not have the expected level of security.
Windows 2000 provides a built-in implementation of the IPsec security protocol and its associated key management protocols. Windows 2000 default IPsec policies govern how clients and servers engage in secure communications; network administrators can create custom policies to enforce their local business rules. Windows 2000 supports router-router virtual private networks (VPNs) based on IPsec and remote access virtual private networks based on L2TP/IPsec. We will provide detailed coverage of IPsec and virtual private networks in Part III.
1. VeriSign offers a product called Personal Trust Agent (PTA) that improves the user experience and provides branding for client certificates.
2. Users can configure their browsers to automate such trust decisions.