
D3.2: A study on PKI and biometrics

Public-Key Infrastructures and Digital Signatures
Title: Introduction. Basic Definitions of Terms


Introduction

A Public Key Infrastructure (PKI) is a security architecture aimed at providing an increased level of confidence when exchanging information over the increasingly insecure Internet. The term PKI can be confusing, even to a technologist, because it is used to mean several different things. On the one hand, PKI can be defined as the set of hardware, software, people, policies and procedures needed to create, manage, store, distribute and revoke public-key certificates. On the other hand, it may mean the use of a public and private key pair for authentication and proof of content. A PKI is expected to offer its users benefits such as certainty of the quality of information sent and received electronically, certainty of the source and destination of that information, assurance of the time and timing of that information (provided the source of time is known), certainty of the privacy of that information, and assurance that the information may be introduced as evidence in a court of law. These facilities are delivered using a mathematical technique called public key cryptography, which uses a pair of related cryptographic keys to verify the identity of the sender (signing) and/or to ensure privacy (encryption). PKI facilities have been developed principally to support secure information exchange over insecure networks, such as the Internet, where such features cannot otherwise be readily provided. Nevertheless, they can also be used just as easily for information exchanged over private networks, including corporate internal networks. What is more, PKI can be used to deliver cryptographic keys securely between users (including devices such as servers), and to facilitate other cryptographically delivered security services.

Public-key cryptography uses a pair of mathematically-related cryptographic keys. If one key is used to encrypt information, then only the related key can decrypt that information. Should you know one of the keys, you cannot easily calculate the other one. A private key is used to decrypt information that has been encrypted using its corresponding public key. The person using the private key can be certain that the information they are able to decrypt must have been intended for them, but they cannot be certain from whom the information comes. 

If the sender wishes to prove to a recipient that they are the source of the information (perhaps because they accept legal responsibility for it), they use a private key to digitally sign the message (a digital signature). Unlike a handwritten signature, this digital signature is different each time it is deployed. A unique mathematical value, determined by the content of the message, is calculated using a ‘hashing’ or ‘message authentication’ algorithm, and this value is then encrypted with the private key, creating the digital signature for this specific message. The encrypted value is either attached to the end of the message or sent as a separate file together with the message. The public key corresponding to this private key may also be sent with the message, either on its own or as part of a certificate. A certificate is information referring to a public key that has been digitally signed by a Certification Authority (CA).

The framework for PKI is defined in the ITU-T X.509 Recommendation [X.509]. The most important elements of a PKI are the following:


  • End Entity: a generic term used to denote end-users, devices (e.g., servers, routers), or any other entity that can be identified in the subject field of a public key certificate. End entities typically consume and/or support PKI-related services.

  • Certification Authority (CA): the issuer of certificates and (usually) Certificate Revocation Lists (CRLs). It may also support a variety of administrative functions, although these are often delegated.

  • Registration Authority (RA): an optional component that can assume a number of administrative functions from the CA. The RA is often associated with the End Entity registration process, but can assist in a number of other areas as well. 

  • Repository: a generic term used to denote any method for storing certificates and CRLs so that they can be retrieved by End Entities. 


End Entities must “enrol” into the PKI before they can take advantage of the PKI-enabled services. Registration is the first step in the End Entity enrolment process. This is usually characterised as the process whereby an End Entity first makes itself known to a CA. Once the identity of the End Entity is verified in accordance with the applicable policies, the End Entity is typically issued one or more shared secret(s) and other identifying information that will then be used for subsequent authentication as the enrolment process continues.

Initial registration is followed by initialisation. This step is usually associated with initialising the End Entity with its associated key pair(s). Key pair generation involves the creation of the public/private key pair associated with an End Entity. Key pair generation can occur in advance of the End Entity enrolment process or it can take place in response to it. Key pairs can be generated by the End Entity client system, RA, CA or some other component such as a hardware security module.

Certification is the conclusion of the End Entity enrolment process. As the word implies, this step involves the issuance of the End Entity public key certificate by the CA. If the key pair is generated externally to the CA, the public key component must be conveyed to the CA in a secure manner. Once generated, the certificate is returned to the End Entity and/or published to a certificate repository. Certificates are issued with fixed lifetimes (referred to as the “validity period” of the certificate). However, the circumstances that existed when the certificate was issued can change before the certificate expires; therefore, it is sometimes necessary to revoke a certificate before its expiration date. Reasons for revocation include private key compromise, change in affiliation and name change (specific reason codes are defined in X.509). The Revocation Request allows an End Entity or a Registration Authority (RA) to request revocation of a given certificate. Certificate revocation information must be made available by the CA that issued that certificate or by the CRL Issuer to which the CA delegates this function. X.509 defines a method for publishing this information via Certificate Revocation Lists (CRLs). The End Entities, or trusted third parties operating on their behalf, must check the revocation status of all certificates in a given certification path. This includes revocation information about End Entity certificates as well as intermediate CA certificates.
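The following is an added example, not code from the FIDIS deliverable. It walks through the lifecycle described in the signature paragraph above and in this certification and revocation paragraph using the Python `cryptography` package (assumed to be installed); the names `Demo Root CA`, `Demo Sub CA` and `alice@example.org`, the sample message and the serial numbers are all constructed for the demonstration. It shows hash-and-sign with a private key, issuance of a root CA, a sub-CA and an end-entity certificate with fixed validity periods, a CRL carrying an X.509 reason code, and a path check that consults the issuer's CRL for every certificate in the chain, which is why revoking the sub-CA invalidates the end entity as well.

```python
"""Minimal PKI lifecycle: sign/verify, issue certificates, publish a CRL,
validate a certification path.  Assumes the `cryptography` package."""
import datetime
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.exceptions import InvalidSignature

UTC = datetime.timezone.utc


def new_key():
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def name(common_name):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])


def issue_certificate(subject, public_key, issuer_cert, issuer_key, days, is_ca):
    """Certification step: the issuer signs the subject's public key, its
    identity and a fixed validity period.  issuer_cert=None yields a
    self-signed CA certificate (the trust anchor)."""
    now = datetime.datetime.now(UTC)
    issuer_name = subject if issuer_cert is None else issuer_cert.subject
    builder = (x509.CertificateBuilder()
               .subject_name(subject)
               .issuer_name(issuer_name)
               .public_key(public_key)
               .serial_number(x509.random_serial_number())
               .not_valid_before(now)
               .not_valid_after(now + datetime.timedelta(days=days))
               .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True))
    return builder.sign(issuer_key, hashes.SHA256())


def sign_message(private_key, message):
    """Digital signature: SHA-256 digest of the message, then the RSA
    private-key operation over the padded digest (PKCS#1 v1.5)."""
    return private_key.sign(message, padding.PKCS1v15(), hashes.SHA256())


def verify_message(cert, message, signature):
    """The verifier only needs the public key carried in the certificate."""
    try:
        cert.public_key().verify(signature, message, padding.PKCS1v15(), hashes.SHA256())
        return True
    except InvalidSignature:
        return False


def issue_crl(issuer_cert, issuer_key, revoked):
    """Publish a CRL; `revoked` is a list of (serial_number, x509.ReasonFlags)."""
    now = datetime.datetime.now(UTC)
    builder = (x509.CertificateRevocationListBuilder()
               .issuer_name(issuer_cert.subject)
               .last_update(now)
               .next_update(now + datetime.timedelta(days=1)))
    for serial, reason in revoked:
        entry = (x509.RevokedCertificateBuilder()
                 .serial_number(serial)
                 .revocation_date(now)
                 .add_extension(x509.CRLReason(reason), critical=False)
                 .build())
        builder = builder.add_revoked_certificate(entry)
    return builder.sign(issuer_key, hashes.SHA256())


def _utc(dt):
    # older `cryptography` releases return naive UTC datetimes; make them comparable
    return dt if dt.tzinfo else dt.replace(tzinfo=UTC)


def check_path(path, trust_anchor, crls, now=None):
    """Validate path [end entity, ..., sub-CA] up to a trust anchor.  The
    validity period, the issuer's signature and the issuer's CRL are checked
    for EVERY certificate in the path, not only the end entity.
    Returns (ok, reason)."""
    now = now or datetime.datetime.now(UTC)
    issuers = path[1:] + [trust_anchor]
    for cert, issuer in zip(path, issuers):
        cn = cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value
        if not (_utc(cert.not_valid_before) <= now <= _utc(cert.not_valid_after)):
            return False, f"{cn}: outside validity period"
        if cert.issuer != issuer.subject:
            return False, f"{cn}: issuer name mismatch"
        try:
            issuer.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                       padding.PKCS1v15(), cert.signature_hash_algorithm)
        except InvalidSignature:
            return False, f"{cn}: bad issuer signature"
        crl = next((c for c in crls if c.issuer == issuer.subject), None)
        if crl is None or not crl.is_signature_valid(issuer.public_key()):
            return False, f"{cn}: no trustworthy CRL from issuer"
        entry = crl.get_revoked_certificate_by_serial_number(cert.serial_number)
        if entry is not None:
            reason = entry.extensions.get_extension_for_class(x509.CRLReason).value.reason
            return False, f"{cn}: revoked ({reason.name})"
    return True, "path valid"


def build_demo_pki():
    """Constructed sample hierarchy: root CA -> sub-CA -> one end entity."""
    ca_key = new_key()
    ca_cert = issue_certificate(name("Demo Root CA"), ca_key.public_key(), None, ca_key, 3650, True)
    sub_key = new_key()
    sub_cert = issue_certificate(name("Demo Sub CA"), sub_key.public_key(), ca_cert, ca_key, 1825, True)
    ee_key = new_key()
    ee_cert = issue_certificate(name("alice@example.org"), ee_key.public_key(), sub_cert, sub_key, 365, False)
    return dict(ca_key=ca_key, ca_cert=ca_cert, sub_key=sub_key, sub_cert=sub_cert,
                ee_key=ee_key, ee_cert=ee_cert)


def demo():
    pki = build_demo_pki()
    msg = b"I accept the offer of 2 May."  # constructed sample message
    sig = sign_message(pki["ee_key"], msg)
    results = {"signature_ok": verify_message(pki["ee_cert"], msg, sig),
               "tampered_ok": verify_message(pki["ee_cert"], msg + b"!", sig)}
    empty = [issue_crl(pki["ca_cert"], pki["ca_key"], []),
             issue_crl(pki["sub_cert"], pki["sub_key"], [])]
    path = [pki["ee_cert"], pki["sub_cert"]]
    results["before_revocation"] = check_path(path, pki["ca_cert"], empty)
    # private key compromise: the sub-CA revokes Alice's certificate
    revoked_ee = issue_crl(pki["sub_cert"], pki["sub_key"],
                           [(pki["ee_cert"].serial_number, x509.ReasonFlags.key_compromise)])
    results["after_revocation"] = check_path(path, pki["ca_cert"], [empty[0], revoked_ee])
    # the root revokes the sub-CA: the whole path fails although Alice's own entry is clean
    revoked_sub = issue_crl(pki["ca_cert"], pki["ca_key"],
                            [(pki["sub_cert"].serial_number, x509.ReasonFlags.cessation_of_operation)])
    results["sub_ca_revoked"] = check_path(path, pki["ca_cert"], [revoked_sub, empty[1]])
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

`check_path` deliberately refuses a path when no signed CRL from the issuer is available, rather than treating "no CRL" as "not revoked"; that fail-closed choice is what the paragraph's requirement to check every certificate in the path amounts to in practice.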

Key pairs and public key certificates can be used to support digital signature creation and verification, encryption and decryption, or both. Digital signatures are typically used for securing the authenticity and the integrity of data processed in a system or transmitted over a network. Therefore, the technology can also be used to “sign” data in the legal sense (so-called “electronic” signatures). Between 1995 and 1998 legislation was enacted in the US and in Europe presenting digital signature technology as the privileged technology for generating secure electronic signatures for legal purposes. Later legislation reversed this approach in favour of a more technology-neutral approach to electronic signatures. Nevertheless, the European Directive 1999/93/EC still refers to electronic signatures based on PKI, mainly in its annexes containing requirements for qualified certificates based on the X.509 standard.

PKI is a complex and expensive solution, and it has been less successful than expected. However, it is still considered a very secure technology for authentication and electronic signatures. National identity card projects in several European Member States, such as Austria, Belgium, Estonia and Finland, have adopted PKI for these functions.

In principle, normal business regulations also apply to the Internet and electronic transactions. Contracts resulting in a binding obligation for all parties can be concluded by e-mail or by a simple click. To ensure authenticity and to have potential evidence before a court in an anonymous environment, the use of electronic signatures is reasonable. Additionally, authenticity can be achieved while using pseudonyms, a possibility that the legal systems of some countries provide (e.g., Germany, § 5 paragraph 3 Signaturgesetz, see section ).


Public-Key Infrastructures and Digital Signatures, Basic Definitions of Terms (fidis-wp3-del3.2.study_on_PKI_and_biometrics_03.sxw)
Denis Royer, page 7 / 40