Security Concerns
•
When I send my credit card number to you over the Internet, is it safe?
•
I got an E-mail that said it had been tampered with. How could this happen and
what should I do?
•
How is my Digital ID/private key protected?
•
How do I protect my Digital ID/private key?
•
My computer was stolen. What should I do to protect my Digital ID?
•
What if someone copies my Digital ID?
•
Are Certification Authorities susceptible to attack?
•
What if the Certification Authority's key is lost or compromised?
-------------------------------------
When
I send my credit card number to you over the Internet, is it safe?
Yes.
The enrollment system runs on a secure server, which uses the Internet
industry's standard Secure Sockets Layer (SSL) to protect your transaction from
eavesdropping and tampering.
-------------------------------------
I
got an E-mail that said it had been tampered with. How could this happen and
what should I do?
ived.
Your Digital ID will detect "tampering" when any data has been added
to your mail, and sometimes this occurs in the normal process of Internet
routing. If the E-mail was encrypted with your Digital ID, there is no way that
a third party could read your message. If it was digitally signed, you may want
to communicate with the person who sent you the message and confirm its
contents.
-------------------------------------
How
is my Digital ID/private key protected?
Your
private key is protected in two ways:
It
is stored on your computer's hard drive so you can control access to it.
When
you generate your private key, the software you use (such as your browser) will
probably ask you for a password. This password protects access to your private
key. For Microsoft Explorer users, your private key is protected by your
Windows password.
A
third party can access your private key only by (i) having access to the file
your key is stored in (which is usually part of your system's configuration
information) and (ii) knowing your private password. Some software permits you
to choose to not have a password protect your private key. If you use this
option, then you are trusting that no one, presently or in the future, will
have unauthorized access to your computer.
In
general, it is far easier to use a password then to completely safeguard your
computer physically. Not using a password is like pre-signing all of the checks
in your checkbook and then leaving it open on your desk.
-------------------------------------
How
do I protect my Digital ID/private key?
Protect
your computer from unauthorized access by keeping it physically secure. Use
access control products or operating system protection features (such as a
system password). Take measures to protect your computer from viruses, because
a virus may be able to attack a private key. Always chose to protect your
private key with a good password. See http://csrc.nist.gov/nistbul/csl96-08.txt
concerning private key security and http://csrc.nist.gov/nistbul/csl90-08.txt
concerning computer virus attacks.
There
are also two types of hardware devices available that are more secure than your
hard drive for storing your private key. These are known as tokens (typically
PCMCIA cards or special floppy disks) and smartcards. Contact you software
vendor to see if it supports these devices.
IT
IS YOUR RESPONSIBILITY TO PROTECT YOUR PRIVATE KEY. ANYONE WHO OBTAINS YOUR
PRIVATE KEY CAN FORGE YOUR DIGITAL SIGNATUREAND TAKE ACTIONS IN YOUR NAME!
-------------------------------------
My
computer was stolen. What should I do to protect my Digital ID?
Your
Digital ID is protected with either your Netscape password (required to use the
Digital ID with Netscape) or your Windows password (required to log on to
Microsoft Windows). It is therefore very unlikely that the thief will be able
to use your Digital ID to impersonate you or read your private messages.
If
you have a back-up copy of your Digital ID saved on a floppy disk, you can
install it on a different computer. <<Refer to Backing Up and
Transporting Your Digital ID>>.
Since
the security of your Digital ID has been compromised, you should revoke it and
enroll for a new Digital ID
-------------------------------------
What
if someone copies my Digital ID?
Your
Digital ID cannot be used without your private key, which is never transmitted
to us. To maintain security, your private key should be protected by a password
and never sent across any network. You want your Digital ID (which contains
your public key) to be available to other users so that they can verify your
right to use the digital certificate, decrypt messages that you have encrypted
with your private key, and verify your digital signatures. For more information
about the use of Digital IDs and how public key encryption works, <<see
the Digital ID Center's Introduction to Digital IDs.>>
-------------------------------------
Are
Certification Authorities susceptible to attack?
One
can think of many attacks aimed at the Certification Authority, which must be
prepared to defend against said attacks.
Consider
the following attack. Suppose Bob wishes to impersonate Alice. If Bob can
convincingly sign messages as Alice, he can send a message to Alice's bank
saying "I wish to withdraw $10,000 from my account. Please send me the
money." To carry out this attack, Bob generates a key pair and sends the
public key to a Certification Authority saying "I'm Alice. Here is my
public key. Please send me a Digital ID." If the CA is fooled and sends
him such a Digital ID, he can then fool the bank, and his attack will succeed.
In order to prevent such an attack the CA must verify that a digital
certificate request did indeed come from its purported author, i.e., it must
require sufficient evidence that it is actually Alice who is requesting the
Digital ID. The CA may, for example, require Alice to appear in person and show
a birth certificate. Some CAs may require very little identification, but the
bank should not honor messages authenticated with such low-assurance Digital
IDs. Every CA must publicly state its identification requirements and policies;
others can then attach an appropriate level of confidence to the Digital IDs.
An
attacker who discovers the private key of a Certification Authority could then
forge Digital IDs. For this reason, a Certification Authority must take extreme
precautions to prevent illegitimate access to its private key. The private key
should be kept in a high-security box, known as a Certificate Signing Unit, or
CSU.
The
Certification Authority's public key might be the target of an extensive
factoring attack. For this reason, CAs should use very long keys, preferably
1000 bits or longer, and should also change keys regularly. Top-level
Certification Authorities are exceptions: it may not be practical for them to
change keys frequently because the key may be written into software used by a
large number of verifiers.
In
another attack, Alice bribes Bob, who works for the Certification Authority, to
issue to her a Digital ID in the name of Fred. Now Alice can send messages
signed in Fred's name and anyone receiving such a message will believe it
authentic because a full and verifiable Digital ID chain will accompany the message.
This attack can be hindered by requiring the cooperation of two (or more)
employees to generate a Digital ID; the attacker now has to bribe two employees
rather than one. For example, in some of today's CSUs, three employees must
each insert a data key containing secret information in order to authorize the
CSU to generate Digital IDs.
Unfortunately,
there may be other ways to generate a forged Digital ID by bribing only one
employee. If each digital certificate request is checked by only one employee,
that one employee can be bribed and slip a false request into a stack of real
Digital ID requests. Note that a corrupt employee cannot reveal the
Certification Authority's private key, as long as it is properly stored.
Another
attack involves forging old documents. Alice tries to factor the modulus of the
Certification Authority. It takes her 15 years, but she finally succeeds, and
she now has the old private key of the Certification Authority. The key has
long since expired, but she can forge a Digital ID dated 15 years ago attesting
to a phony public key of some other person, say Bob; she can now forge a
document with a signature of Bob dated 15 year ago, perhaps a will leaving
everything to Alice. The underlying issue raised by this attack is how to
authenticate a signed document dated many years ago.
Note
that these attacks on Certification Authorities do not threaten the privacy of
messages between users, as might result from an attack on a secret-key
distribution center.
-------------------------------------
What
if the Certification Authority's key is lost or compromised?
If
the Certification Authority's key is lost or destroyed but not compromised,
Digital IDs signed with the old key are still valid, as long as the verifier
knows to use the old public key to verify the Digital ID.
In
some CSU designs, encrypted backup copies of the CA's private key are kept. A
CA which loses its key can then restore it by loading the encrypted backup into
the CSU, which can decrypt it using some unique information stored inside the
CSU; the encrypted backup can only be decrypted using the CSU. If the CSU
itself is destroyed, the manufacturer may be able to supply another with the
same internal information, thus allowing recovery of the key.
A
compromised CA key is a much more dangerous situation. An attacker who
discovers a Certification Authority's private key can issue phony Digital IDs
in the name of the Certification Authority, which would enable undetectable
forgeries; for this reason, all precautions must be taken to prevent
compromise.
If
a compromise does occur, the CA must immediately cease issuing Digital IDs
under its old key and change to a new key. If it is suspected that some phony
Digital IDs were issued, all Digital IDs should be recalled, and then reissued
with a new CA key. These measures could be relaxed somewhat if Digital IDs were
registered with a digital time-stamping service. Note that compromise of a CA
key does not invalidate users' keys, but only the Digital IDs that authenticate
them. Compromise of a top-level CA's key should be considered catastrophic,
since the key may be built into applications that verify Digital IDs.
-------------------------------------