DYNAMIC VALIDITY PERIOD DYNAMIC VALIDITY PERIOD CALCULATION OF DIGITAL CALCULATION OF DIGITAL CERTIFICATES BASED ON CERTIFICATES BASED ON AGGREGATED SECURITY AGGREGATED SECURITY

ASSESSMENTASSESSMENT

ByAlexander BeckJens GraupmannFrank Ortmeier

MotivationMotivationDigital certificates are being widely used.

Digital Certificates also has a validity period after which it expires.

So for creating a fault tolerant system where no problem arises due to the expiration of the digital certificates, we should be able to assess the optimal time for which a digital certificate should be active.

Here the authors discuss on how to identify the optimal validity period and factors to be considered to calculate it.

IntroductionIntroductionDigital certificates are an important

component for cryptographic protection of IT infrastructures in large companies

A common property of digital certificates is their predefined validity period.

The algorithms that are used at the time of creation of certificate may be broken before the expiry of the certificate.

Choosing the right crypto Choosing the right crypto periodperiodThe security level of IT systems should always

be in relation to their actual threat.

The current threat is not only the system vulnerabilities but also, on the interest in the system for unauthorized persons.

The lifetime of an issuing certificate should never end before the lifetime of an issued certificate.

Certificates will not be replaced before their expiry.

Vulnerability of IT-systemsVulnerability of IT-systemsManual Security AssessmentManual Security Assessment

 General Security Audit: ◦A documented status of the detection of

defects and security vulnerabilities.

IT System Audit:Aspects of◦ Software versions (authorization (roles &

permissions) and passwords) ◦Safety related configuration

Vulnerability of IT-systemsVulnerability of IT-systemsManual Security AssessmentManual Security Assessment

 Vulnerability Scanning: In the aspects of ◦ Installed operating system and Software◦Open ports◦Used services

 Penetration test: ◦A penetration tester tries with

appropriate programs or methods to penetrate a system and exploit vulnerabilities that were identified

Vulnerability of IT-systemsVulnerability of IT-systemsAutomated Security AssessmentAutomated Security Assessment

These automated calculation of system vulnerabilities are based on Configuration Management Database (CMDB)

It includes the hardware and software including their exact versions and patch levels.

Vulnerability of IT-systemsVulnerability of IT-systemsAutomated Security AssessmentAutomated Security Assessment

ConditionsConditionsThe calculation formula has to fulfill the

following conditions:◦ The resulting value must lie in the

interval [0; 1] (1 means system is completely safe)

◦ The aggregated value must be less than or equal to the smallest single value.

Key length & algorithmKey length & algorithmThe longer the key length is, the longer the

life time of a certificate can be chosen.Different algorithms and key lengths are

compared and stored in the data base.This information needs to be verified and

updated on a regular basis.The combination of algorithm and key

length must be assessed with a value between 0 and 1 with respect to safety.

◦0 – implies the algorithm is known to be broken

◦1- considers to be safe for a long time.

Revocation StatusRevocation StatusThe revocation status can be checked using

an Online Certificate Status Protocol(OCSP) service or (CRL) certificate-revocation-list.

OCSP provides more timely information regarding the revocation status is has to be rated in comparison to CRLs in the context of calculation

This factor can be quantified trivially: ◦ usage of an OCSP service: 1◦ usage of CRL: 0.75◦ no revocation checking: 0.5

Key storage of CA Key storage of CA certificate and length of certificate and length of certificate chaincertificate chainUsually certificates are not issued by Root

CA, but by a Sub-CA.Depending on the size and structure of the

PKI – operating company the path length from the root CA to the sub- CA can differ.

The safety level of a Sub- CA is lower than that of each higher level.

For this reason, the path length will be considered and one possible calculation is 1/ path length.

Certificate DistributionCertificate DistributionDelivery : Automatic 

◦Automated methods (SCEP, CMP) in which the certificate using resource generates the keys itself and issues a certificate request. 

 Delivery : Manual   ◦The manual delivery of a particular

certificate including the private key with in a container via e-mail is critical.

AggregationAggregation

AggregationAggregationThe security Risk Assessment uses the

factors described above to perform the computation of an optimal certificate lifetime.

The following condition must be met for the calculated runtime:

CLM- Architecture with CLM- Architecture with Security Risk AssessmentSecurity Risk Assessment

ConclusionConclusion In this paper, an approach is presented to

dynamically compute a proper certificate lifetime based on generally accepted factors and current security ratings.

It was shown how this dynamic calculation can be embedded into a certificate life-cycle management system.

THANK YOUTHANK YOU