Certificate-based authentication


Authentication is one of the big uses that's often hypothesized for PKI, and if you had to pick a use outside of SSL where PKI might actually succeed one day, authentication is probably a good one to pick. Using certificates for authentication avoids the troublesome discussion about whether or not you really have non-repudiation that you often get when certificates are used for digital signatures. You also avoid the headaches that accompany using certificates are used for encryption, like key recovery and key lookup.

On the other hand, authentication is also the case where I've seen certificates misused most often. This is probably, at least in part, due to the careless way that people often talk about using certificates. I've even done that here, haven't I?

People often talk about using a certificate to authenticate a user. This has led to more than one case where a certificate is attached to a message as an authentication credential. The recipient then checks the name in the certificate. If it says Alice, then the message is assumed to be from Alice.

This is absolutely useless as a means of authentication. Despite this, I've seen this done more than once. Other security people that I've talked to often have similar stories about seeing it.

A digital certificate carries a user's public key, which is, well, public. Because of this, it's reasonable to assume that Eve can get Alice's certificate and attach it to a message just as easily as Alice can, which means that using a certificate in this way isn't providing any useful authentication at all. Or it's just as useful as using other public information as a means of authentication.

A better way to use an authentication certificate is as part of a protocol that proves that a user has the private key that corresponds to the public key in the certificate. In addition to defining the format of certificates, the X.509 standard actually describes how to do this. Doing this is much trickier that just attaching a certificate and checking the name in it. On the other hand, it's also much more secure. So if someone says that they're doing "certificate-based authentication," it's probably worth asking for more details about exactly how they're doing this. It may not be as secure as it first sounds.

Leave a Reply

Your email address will not be published. Required fields are marked *