Presentation is loading. Please wait.

Presentation is loading. Please wait.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

Published byHugh Shields Modified over 9 years ago

Similar presentations

Presentation on theme: "Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop."— Presentation transcript:

1 Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 era@x500.eu ITU Workshop on “Caller ID Spoofing” (Geneva, Switzerland, 2 June 2014)

2 Geneva, Switzerland, 2 June 2014 2 PKI and PMI Public-key certificates: The basis for public-key infrastructure (PKI) Attribute certificates: The basis for privilege management infrastructure (PMI) Rec. ITU-T X.509 | ISO/IEC 9594-8 base specification for both types of infrastructure

3 Facts about X.509 Geneva, Switzerland, 2 June 20143 Part of the X.500 Series of Recommendations Also issued as ISO/IEC 9594-8 Issued in seven editions First edition in 1988 Eight edition on its way Number one in downloads Defines: Public key/private key principles Public-key certificates Public-key infrastructure (PKI) Attribute certificates Privilege management infrastructure (PMI)

4 Asymmetric cryptography Geneva, Switzerland, 2 June 20144 AB Action using private key Resolving using public key Action using public key Resolving using private key Private keyPublic key Asymmetric cryptography is basic technology behind PKI and PMI

5 PKI entities Geneva, Switzerland, 2 June 20145 CRL Issuer End entity Registration Authority CA Certificate & CRL repository (e.g., an LDAP or X.500 directory) CA

6 Certifying the identity using public-key certificates Geneva, Switzerland, 2 June 20146 Certification Authority

7 Public-key certificate Geneva, Switzerland, 2 June 2014 7 Subject Serial number Public key info Version Algorithm Validity Issuer Issuer unique id Subject unique id Extensions Digital signature of issuer Version 2 (do not use!) Version 3 - Important

8 Extensions The extension concept allows adding additional information to a public- key certificate. Organizations may define own extensions. If the information changes, the public-key certificate has to be renewed.

9 Geneva, Switzerland, 2 June 2014 9 Certification authority (CA) NOT: Certificate authority Verify the identity of the subject Verify the position of the key-pair Verify the other information as required Issues and sign the public-key certificate Maintain revocation status Publishes revocation status

10 Checking the credentials Geneva, Switzerland, 2 June 201410 A passport is a type of certificate binding a picture to a subject ID Has to be issued by a trustworthy authority A passport may be false It is checked by the validator, also called the relying party Subject Relying party

11 Trust Geneva, Switzerland, 2 June 201411 Would you buy a certificate of this man? Would you trust a certificate issued by this man? Certificates

12 Hierarchical Structure Trust anchor CA EE CA CA = Certification authority EE = End entity

13 Trust anchor Trusted by a relying party Trust anchor information: Configured into relying party Public-key certificate or similar information Geneva, Switzerland, 2 June 201413

14 Certificate Revocation List (CRLs) Certificate Serial Number Revocation Date Version Algorithm Time for this update Issuer Extensions Digital signature of issuer Time for next update CRL Extensions Certificate Serial Number Revocation Date Extensions Revoked Certificate

15 Online Certificate Status Protocol (OCSP) Geneva, Switzerland, 2 June 201415 OCSP request OCSP response OCSP responder OCSP client

16 Validation procedure Trust Ancho r User system A (end entity) CA User system B (Relying Party) Storing of Trust Anchor Information Check of revocation Signed data

17 Where to go Geneva, Switzerland, 2 June 201417 The central source for information on the X.500 Directory Standard including X.509. www.x500standard.com

Download ppt "Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop."

Similar presentations

Smart Certificates: Extending X.509 for Secure Attribute Service on the Web October 1999 Joon S. Park, Ph.D. Center for Computer High Assurance Systems.

Smart Certificates: Extending X.509 for Secure Attribute Service on the Web October 1999 Joon S. Park, Ph.D. Center for Computer High Assurance Systems.
Use of Public-Key Infrastructure (PKI) Erik Andersen Association for the Directory Information and Related Search Industry (EIDQ -

Use of Public-Key Infrastructure (PKI) Erik Andersen Association for the Directory Information and Related Search Industry (EIDQ -
A Framework for Distributed OCSP without Responders Certificate

A Framework for Distributed OCSP without Responders Certificate
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Cryptography and Network Security Chapter 14

Cryptography and Network Security Chapter 14
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CS5204 – Operating Systems 1 Authentication. CS 5204 – Operating Systems2 Authentication Digital signature validation proves:  message was not altered.

CS5204 – Operating Systems 1 Authentication. CS 5204 – Operating Systems2 Authentication Digital signature validation proves:  message was not altered.
Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI)
COEN 350 Public Key Infrastructure. PKI Task: Securely distribute public keys. Certificates. Repository for retrieving certificates. Method for revoking.

COEN 350 Public Key Infrastructure. PKI Task: Securely distribute public keys. Certificates. Repository for retrieving certificates. Method for revoking.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
1 eID validations services Houcine Bel Mamoune Unit manager eID Technical Drill down Session 7 April 2005.

1 eID validations services Houcine Bel Mamoune Unit manager eID Technical Drill down Session 7 April 2005.
1 ISA 562 Information Systems Theory and Practice 10. Digital Certificates.

1 ISA 562 Information Systems Theory and Practice 10. Digital Certificates.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
 A public-key infrastructure ( PKI ) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store,

 A public-key infrastructure ( PKI ) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store,
Public Key Management and X.509 Certificates

Public Key Management and X.509 Certificates
Report on Attribute Certificates By Ganesh Godavari.

Report on Attribute Certificates By Ganesh Godavari.
Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct, 17 2012.

Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct,
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Similar presentations

Ads by Google