PKI Enrollment

PKI enrollment is the process of adding a PKI user (such as a person, a device, or an application) to the PKI. The enrollment is done in the following way:

The enrollment procedure is the initial step of establishing trust between a user and the CA. If the process is executed over an untrusted network, it would be vulnerable to man-in-the-middle attacks. Therefore, it has to be secured in such cases.

Man-in-the-Middle PKI Enrollment Attack

Without any additional protection for the enrollment process, a man-in-the-middle attack can be used to spoof identities. The attacker could replace the submitted public key of the user with the public key of the attacker, causing the CA to possibly issue a certificate to the attacker instead of to the legitimate user. The attacker could replace the real CA certificate with the false CA certificate of the attacker when the end user requests the certificate of the CA. The end user would then trust the CA of the attacker instead of the real CA.

Note

The attacker would replace only the public key of the user, not the identity (name) of the user. When the CA issues the certificate, the attacker can pretend to be the user by presenting the certificate with the name of the user but the public key of the attacker.

Secure PKI Enrollment

To mitigate the risk of interception and key substitution during enrollment, the enrollment procedure needs to incorporate two out-of-band authentication procedures:

• Verification by the enrolling PKI user that the correct CA certificate has been received
• Verification by the CA that it has received the correct enrollment information from the enrolling PKI user

This can be done by out-of-band exchange of fingerprints of the messages (certificates). If the out-of-band received fingerprint matches the fingerprint of the received message, the message is authentic. However, if the enrollment is completed over a secure network, where interception is not possible, those security procedures might be relaxed or omitted completely.

To verify that the correct CA certificate has been received, a local hash (fingerprint) of the received information is calculated, as shown in Figure 25-6. This fingerprint is compared to the true CA certificate fingerprint, obtained over the telephone or another secure channel. If they match, the true CA certificate has been received.

Figure 25-6. Manually Securing PKI Enrollment

When the user submits identity and public key information, a local hash (fingerprint) of the submitted information is calculated again. The CA also performs a hashing procedure of the received information. The CA then compares its hash of the received information to the hash of the user of the submitted information over the telephone or any other secure channel. If the two hashes match, the CA has received an unmodified enrollment request.