Presentation is loading. Please wait.

Presentation is loading. Please wait.

Wireless PKI Shakeel Ahamad Shaik (Research Fellow) Under the supervision of Dr.V.N.Sastry, Associate Professor (IDRBT) & Dr.S.K.Udgata, Reader (UOH) Saturday,

Published byAdrian Mill Modified over 9 years ago

Similar presentations

Presentation on theme: "Wireless PKI Shakeel Ahamad Shaik (Research Fellow) Under the supervision of Dr.V.N.Sastry, Associate Professor (IDRBT) & Dr.S.K.Udgata, Reader (UOH) Saturday,"— Presentation transcript:

1 Wireless PKI Shakeel Ahamad Shaik (Research Fellow) Under the supervision of Dr.V.N.Sastry, Associate Professor (IDRBT) & Dr.S.K.Udgata, Reader (UOH) Saturday, April 18, 20151Wireless PKI

2 Agenda Public Key Systems PKI Functions in Mobile devices Problems faced in the adoption of PKI in Mobile Environment Validation of certificate in WPKI Environment Requirements & Configurations needed for the Implementation of WPKI in mobile payments Conclusion References Saturday, April 18, 2015Wireless PKI2

3 Saturday, April 18, 20153Wireless PKI Public Key Systems Public Key Cryptography (PKC) Public Key Infrastructure (PKI) Personal security environment (PSE) Public-Key Systems

4 Saturday, April 18, 20154Wireless PKI The main components of a PKI Certification Authority (CA) is responsible for issuing and revoking certificates for customers public keys. The Registration Authority (RA) provides a binding between public keys and the entities of their holders. Repositories store and make available certificate directories and a certificate revocation list (CRL). Directory service providers. CA’s in India IDRBT, Safescrypt, NIC,TCS,MTNL,GNFC,e MudhraCA Public-Key Systems (Cont….)

5 Generation of key-pair (public and private keys) Receiving & Storing certificate issued by CA Digital Signature generation and verification Functions for encryption and decryption Validating third party certificates Saturday, April 18, 20155Wireless PKI PKI functions in Mobile Devices

6 Saturday, April 18, 20156Wireless PKI Wireless network has less bandwidth, more latency, insecure connection and device problems such as less powerful CPU, less memory size, restricted battery power, small display and input device. Mobile phone lacks computing capabilities of PKI services such as key generation, digital signature generation and verification, certificate validation, and Certificate Revocation List (CRL) verification, and memory size of storing certificate and CRL. Due to less wireless communication bandwidth, processing of CMP (Certificate Management Protocol) for certificate life cycle such as certificate issue in the mobile phone, and downloading CRL required for certificate verification must be a considerable burden. Challenges in adopting Wired PKI for Mobile Devices

7 Certificate Validation contains the following steps Verifying the integrity and authenticity of the certificate by verifying the digital signature of CA on the certificate. Verifying the validity period of the certificate. Accessing and examining certificate chain and CRL. The validation is considered successful if all the certificates in the certificate path (i.e. from leaf to the root of the tree) are checked and ensured that none of them have been revoked. This process is heavy on resources and time consuming and it is not suitable for mobile devices. Saturday, April 18, 20157Wireless PKI Validation of Certificate in WPKI Environment

8 General hierarchical structure Saturday, April 18, 2015Wireless PKI8

9 Saturday, April 18, 2015Wireless PKI9 Mechanisms to minimize the Certificate validation process Online Certificate Status Protocol (OCSP) Short Lived Certificate (SLC) Validation of Certificate in WPKI Environment (Cont…)

10 Saturday, April 18, 2015Wireless PKI10 Validation of Certificate in WPKI Environment (Cont….) 1. Sends URL of certificat e (or) Certificat e 6. Response of Certificate Validation 2. Merchant sends his X.509 Certificate 3. Delegates certificate Validation of merchant’s Certificate 4. Requests for CRL 5. Sends CRL OCSP mechanism

11 Short-Lived Certificate (SLC) mechanism Certificate: Data: Version: 3 (0x2) Serial Number: 316214 (0x4d336) Signature Algorithm: ecdsa-with-SHA1 Issuer: C=IN, O=IDRBT, OU=CA, CN=CertSIGNECDSA1 Validity Not Before: Apr 17 15:00:00 2010 GMT Not After : Apr 26 14:59:59 2010 GMT Subject: C=IN, O=SBI, OU=CA, CN=test()000021420031112000653 Subject Public Key Info: Public Key Algorithm: id-ecPublicKey 04 04 df e4 6d 84 16 70 1a f3 f4 8e 80 ec ac ac f2 a3 26 b7 e0 60 03 0e 7d 6c ba b9 3e ac 9b eb 85 13 ed 6a b9 75 5c f5 c2 02 b1 Signature Algorithm: ecdsa-with-SHA1 30:2e:02:15:01:3a:07:0f:dc:e4:68:bc:c9:c1:1c:48:68:6b: 1f:99:65:0c:b5:13:55:02:15:03:65:ac:e4:82:c2:30:42:de: ce:f2:49:c5:91:30:c1:90:f3:59:72:5e Saturday, April 18, 2015Wireless PKI11 Validation of Certificate in WPKI Environment (Cont….)

12 Short-Lived Certificate (SLC) mechanism Improved computing & storage resources in mobile devices have made it convenient to generate key pairs & verify digital signatures on mobile devices. Using SLC mobile clients does not have to implement either CRL or OCSP for server authentication. Saturday, April 18, 2015Wireless PKI12 Validation of Certificate in WPKI Environment (Cont….)

13 Saturday, April 18, 201513Wireless PKI Requirements & Configurations needed for the Implementation of WPKI in mobile payments

14 Saturday, April 18, 201514Wireless PKI Requirements & Configurations needed for the Implementation of WPKI in mobile payments (Cont..)

15 Saturday, April 18, 201515Wireless PKI Requirements & Configurations needed for the Implementation of WPKI in mobile payments (Cont..)

16 Mobile FINEID (Finnish Electronic Identity) is a mobile electronic ID for inhabitants in Finland. Based on PKI with user private keys integrated in a PKI SIM. PKI SIM cards are currently issued by two Finnish network operators. PKI SIM owner identities are verified by mobile citizen certificates issued by Finnish Population Register Center (PRC) Saturday, April 18, 201516Wireless PKI Implementation of WPKI in Finland

17 Technical features of FINEID PKI SIM Contains a crypto processor and two PIN code protected private keys: They are (a) Authentication/ Encryption Key & (b) Signature key. In addition to these keys PKI SIM contains PRC ‘s certificate (i.e. CA certificate). Authentication of users and non-repudiation of payments are ensured using Finnish National PKI infrastructure, for mobile payments in Finland. PRC maintains an online certificate directory (FINEID directory). Each registered individual gets a unique Finnish Electronic User ID (FINUID). The public keys are maintained in FINEID directory with their certificates. FINEID directory also maintains a revocation list of invalid certificates. Saturday, April 18, 201517Wireless PKI Implementation of WPKI in Finland (Cont…)

18 Conclusion Compared to wired PKI Wireless PKI is suitable for low end computing devices such as mobile phones. Since Mobile payments require high level of security for its transactions which can be ensured by WPKI. We suggest the existing CA to provide digital certificate to individuals through mobile phones which can be used for mobile payment transactions. Saturday, April 18, 2015Wireless PKI18

19 4/18/2015Security Issues in Mobile Payments19 Abbreviations CMP Certificate Management Protocol WTLS Wireless Transport Layer Security WIM Wireless Identity Module WAP Wireless Application Protocol OCSP Online Certificate Status Protocol CRL Certificate Revocation List CA Certification Authority PKI Public Key Infrastructure WPKI Wireless Public Key Infrastructure SIM Subscriber’s Identity Module BER Basic Encoding Rules DER Distinguished Encoding Rules ECC Elliptic Curve Cryptography SSL Secure Socket Layer ECDSA Elliptic Curve Digital Signature Algorithm ECDH Elliptic Curve Diffie-Hellman URL Uniform Resource Locator

20 4/18/2015Security Issues in Mobile Payments20 REFERENCES 1)Yong Lee, Jeail Lee, JooSeokSong, “Design and implementation of wireless PKI technology suitable for Mobile phone in Mobile Commerce” in Computer Communications 30 (2007), 893-903. 2)Marko Hassinen, Konstantin Hypponen, Elena Trichina, “Utilizing national public- key infrastructure in mobile payment system”, Electronic Commerce Research and Applications 7 (2008), pp 214-231. 3)Population Register Centre. FINEID-S4-1 Electronic ID Application. http://www.fineid.fi http://www.fineid.fi 4)Antonio Ruiz-Martinez, Daniel Sanchez-Martinez, Maria martinez-Montesinos and Antonio F. Gomez-Skrmeta, “A Survey of Electronic Signature Solutions in Mobile Devices” in Journal of Theoretical and Applied Electronic Commerce Research, Vol 2, Issue 3, December 2007, pp 94-109. 1)f Theoretical and Applied Electronic Commerce Research 4/18/201520Security Issues in Mobile Payments

Download ppt "Wireless PKI Shakeel Ahamad Shaik (Research Fellow) Under the supervision of Dr.V.N.Sastry, Associate Professor (IDRBT) & Dr.S.K.Udgata, Reader (UOH) Saturday,"

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Smart Certificates: Extending X.509 for Secure Attribute Service on the Web October 1999 Joon S. Park, Ph.D. Center for Computer High Assurance Systems.

Smart Certificates: Extending X.509 for Secure Attribute Service on the Web October 1999 Joon S. Park, Ph.D. Center for Computer High Assurance Systems.
1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
CP3397 ECommerce.

CP3397 ECommerce.
(n)Code Solutions A division of GNFC

(n)Code Solutions A division of GNFC
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.
Public Key Management and X.509 Certificates

Public Key Management and X.509 Certificates
Pengenalan kepada Prasarana Kekunci Awam (PKI) dan Konsep Mobile PKI

Pengenalan kepada Prasarana Kekunci Awam (PKI) dan Konsep Mobile PKI
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
E-Procurement: Digital Signatures and Role of Certifying Authorities Jagdeep S. Kochar CEO, (n)Code Solutions.

E-Procurement: Digital Signatures and Role of Certifying Authorities Jagdeep S. Kochar CEO, (n)Code Solutions.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
Introduction to PKI Mark Franklin September 10, 2003 Dartmouth College PKI Lab.

Introduction to PKI Mark Franklin September 10, 2003 Dartmouth College PKI Lab.

Similar presentations

Ads by Google