Presentation is loading. Please wait.

Presentation is loading. Please wait.

Certificates Last Updated: Aug 29, 2013. A certificate was originally created to bind a subject to the subject’s public key Intended to solve the key.

Published byFerdinand Tate Modified over 9 years ago

Similar presentations

Presentation on theme: "Certificates Last Updated: Aug 29, 2013. A certificate was originally created to bind a subject to the subject’s public key Intended to solve the key."— Presentation transcript:

1 Certificates Last Updated: Aug 29, 2013

2 A certificate was originally created to bind a subject to the subject’s public key Intended to solve the key distribution problem for public keys by narrowing the problem to the secure distribution of the CA public keyBackground

3 Who generates the subject’s key pair? Certificate Generation Source: Stallings, Network Security Essentials

4 Certificate Authority (CA) – Issuer o Certification Practice Statement (CPS) A statement of the practices employed by the CA to issue certificates o Registration Authority (RA) Entity that identifies and authenticates subjects Does not issue certificates o Trusted Third Party (TTP) Expiration o Valid lifetime of the certificate Certificate Revocation List (CRL) o Analogous to a list of lost or stolen credit card numbers o When do certificates need to be revoked? Relying party o Recipient of a certificate that relies on the information it asserts o How does the relying party validate the certificate? (5 steps) Public Key Infrastructure (PKI) o Infrastructure necessary to deploy and use public key technology o The infrastructure needed to recognize which public key belongs to whomTerminology

5 What steps should a relying party (e.g., web browser) take to verify a certificate? o Integrity o Expiration o Revocation o Usage constraints Basic Constraints o Can the subject act as a CA? o Is there a limit to the length of the certificate chain? o Limitation on key use o Ownership Does the entity presenting the certificate have access to the associated private key? Certificate Verification

6 Names – how to identify subjects? Authority – no universal authority Trust – who do we trust as the CA? Revocation – hardest PKI problem to solve o CRL o Fast expiration o Online certificate verification (OCSP) PKI vs. key server o Advantages of PKI server to key server o Recommend key server for small systems, PKI for larger systems PKI Reality Source: Cryptography Engineering, Ferguson et al., Chapter 19

7 What are some examples of how a PKI could be implemented and used? o Universal PKI o Corporate VPN o On-line banking o University PKI Examples

8 Complex organization may distribute the certificate issuing process o Example: How might BYU issue student certificates using the University, College, Department organizational structure? How to create a hierarchy? How to verify a certificate chain? How to recover from a lost/stolen private key? Certificate Hierarchies

9 There are risks when we trust a third party o Some examples are posted on the lectures page Verisign issued two fraudulant Microsoft certificates in 2001 Dutch CA DigiNotor was compromised in 2011 Compromised CAs

Download ppt "Certificates Last Updated: Aug 29, 2013. A certificate was originally created to bind a subject to the subject’s public key Intended to solve the key."

Similar presentations

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Cryptography and Network Security Chapter 14

Cryptography and Network Security Chapter 14
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
(n)Code Solutions A division of GNFC

(n)Code Solutions A division of GNFC
Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI)
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.
Public Key Management and X.509 Certificates

Public Key Management and X.509 Certificates
Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct, 17 2012.

Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct,
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
Public Key Infrastructure (X509 PKI)

Public Key Infrastructure (X509 PKI)
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Encryption and the Law: The need for a legal regulatory framework for PKI Yee Fen Lim Department of Law Macquarie University.

Encryption and the Law: The need for a legal regulatory framework for PKI Yee Fen Lim Department of Law Macquarie University.
SMUCSE 5349/7349 Public-Key Infrastructure (PKI).

SMUCSE 5349/7349 Public-Key Infrastructure (PKI).
CMSC 414 Computer (and Network) Security Lecture 17 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 17 Jonathan Katz.
Public Key Cryptography: Concepts and Applications Chapter Six Prepared by: Raval, Fichadia Raval Fichadia John Wiley & Sons, Inc. 2007.

Public Key Cryptography: Concepts and Applications Chapter Six Prepared by: Raval, Fichadia Raval Fichadia John Wiley & Sons, Inc

Similar presentations

Ads by Google