iho-ohi / S100-Security-Scheme-PT

IHO Repository to discuss technical issues related to the S-100 security scheme
10 stars 1 forks source link

Certificate revocation and certificate duration #1

Open robertsandvik opened 10 months ago

robertsandvik commented 10 months ago

Revoking a certificate invalidates a certificate before its scheduled expiration date. A Certificate Authority (CA) can publish a Certificate Revocation List (CRL) that clients can consume containing a list of revoked certificates. The challenge with this method is that it is inefficient to maintain and distribute in “real-time”, especially if users are at sea (ECDIS).

The Online Certificate Status Protocol (OCSP) was developed to overcome some of these issues. The OCSP allow clients to query the CA about the status of a single certificate in real-time. It implies that a client application can connect 24/7 online to an IHO Scheme Administrator (SA) OCSP service and expect an immediate answer about a certificate status from IHO. (IHO does not operate such a service today).

Such a certificate revocation will only be functional if user applications are MANDATED every time to connect and check for revoked certificates!

Is there really a need, and at what cost, to establish and operate such an OCSP service for IHO SA, or can the use of short-lived Data Server certificates achieve the same result?

There is normally a controlled process between a Data Server and the IHO SA before a certificate is revoked. An issue can be initiated by IHO SA with a request to the Data Server to provide more information about an issue and how it is managed. If there are any misconduct and no efforts by the Data Server to rectify its operation, the IHO SA can issue a warning that the Data Server will be expelled from the IHO Protection Scheme and their certificate be put on a “Revocation List”. Such a process can take weeks-months.

If a Data Server certificate duration is set to 12 months, it implies that the certificate will automatically expire within 12 months unless it is renewed. I assume that an ECDIS already must check the validity of digital certificates included in the CATALOG.XML file before any authentication; e.g. issued by IHO SA, not expired etc. The workload on IHO SA is that they. will have to issue a new Data Server certificate once every 12 months for every Data Server participating in the protection scheme (Data Server must generate a CSR in advance).

By having a Data Server certificate duration of 12 months, it will be a maximum of 12 months before a certificate can be automatically revoked and the Data Server is in practice expelled from the IHO protection scheme. It will in practice be shorter because IHO SA knows when the DS certificate will expire and can ensure all communication is completed before expiration date or refuse to renew a Data Server certificate until issues are resolved. This will be an administrative procedure instead of operating an OCSP service 24/7.

Another advantage of having short Data Server certificate duration is that a Data Server is automatically throwing itself out of the IHO protection scheme if it does not renew its Data Server certificate every 12 months. The implication is that only Data Servers with operational services will maintain membership of the protection scheme.

The IHO Data Server Agreement should probably be reviewed to ensure revocation is properly managed.

The IHO Scheme Administrator certificate has for S-63 (20 years-2033) and S-100e4 (30 years-2051) had a much longer duration. IHO has established procedures and documented during the last 20+ years of operating the protection scheme that it can maintain the privacy of the SA private key information. Commercial CA root certificates installed with your operating system commonly have a duration of 25-40 years. It is suggested that the duration of the IHO SA root certificate for S-100e5duration is set to 40+years.

Recommendation: • Data Server certificate duration: 12 months • SA certificate duration: 50 years • Data Server certificate revocation is achieved by having a short certificate duration (within 12 months if recommendations are adopted)

HolgerBothien commented 10 months ago

No problem to shorten the life time of the DS certificate. This will improve the situation but not solve all use cases. An important reason for the revocation an certificate is the case when the private key of the certificate owner is compromised. Then immediate action is required as an possible attacker can create signatures the can be verified with the existing certificate (which may be valid for several month). An OCSP service would solve that problem but not all end user systems will have an internet connection at all times. I would propose that an CA in the scheme (which can be the Scheme Administrator) should publish a CRL:

HolgerBothien commented 10 months ago

Another idea: Using OCSP Stapling. In this case the data client (ECDIS) does not need to have an internet connection. Instead the data server contacts the OCSP responder and 'staples' the response to the certificate (in an exchange set catalogue). This responses contains a time stamp and is signed by the CA. Together with the issue date of the exchange set it can ensure that the certificate is valid at this time point.

robertsandvik commented 8 months ago

Some more taughts on revocations for the IHO security schemes.... Suggestions stakeholder revocation.pdf