Technology – Broad View1 Networks  For the most part, not a technology, but political/financial issue Available bandwidth continuously increasing (“√2-rule”


1 Technology – Broad View: Networks

- For the most part, not a technology, but political/financial issue
  - Available bandwidth continuously increasing ("√2-rule" – doubling every two years)
  - Cost/bandwidth ratio continuously decreasing
  - Networking technologies for high bandwidth available today (2.5 GBit/s, 10 GBit/s and higher, Ethernet, SDH, WDM, ...)
  - In principle, applies both to fibre optics as well as copper
  - Technologies for transmission of audio/video available (e.g. DiffServ, MPLS)
  - Transmitting audio/video via low-cost access points possible
- Still open, to do in many networks:
  - Install transmission methods for audio/video via low-cost access network wide
  - Coordinate activities on European or world-wide basis (e.g. MPLS-Gateways)

2 Technology – Broad View: Storage

- Hard disks:
  - Capacity: "√2-rule"
  - Cost/capacity ratio decreasing (IDE-RAIDs, S-ATA)
- Tapes: "√2-rule" for capacity (AIT 1,2,3, LTO 1,2,3, S-AIT)
- Future:
  - Holographic storage: from today's viewpoint, unlimited storage capacity
  - Probably available soon: 1 TByte DVD
- "Input bandwidth" of archive: "√2-rule" (e.g. GWDG 400 MByte/s peak)
- Intelligent Storage Management (HSM etc.)
- Media migration / refreshment needed for long-term archiving
- Policy needed that takes into account data volume, copying time and data integrity checks

3 Technology – Broad View: Server Certificates, Authentication for Servers

How can we be sure that an archive site is indeed the site it claims to be?

- Standards and technology available (X.509, Public Key Infrastructures, ...)
- Usability o.k. (Web browser)
- Users will accept (small) overhead if added value obvious
- Cost acceptable (typically 100 € per server and year)
- Cost reduction possible (e.g. certificates issued by scientific computing centers)

4 Technology – Broad View: User Certificates, Authentication for Users

How can we be sure that someone is indeed who he claims to be?

- Standards and technology available (X.509, Public Key Infrastructures, ...)
- Usability of certificates o.k. with respect to signing and encrypting e-mail
- Requesting a certificate and installing it is still somewhat tricky today
- The same applies to generating a private/public key pair, securely storing the private key, and being mobile with the private key (smart cards, USB tokens, ...)
- Cost is an issue
- Cost reduction possible (e.g. certificates issued by scientific computing centers)
- Support for users by scientific computing centers increasing
- Secure authentication of user to server still an issue

5 Technology – Broad View: A few words on basic security technologies

- Certificate, certification authority (CA), public key cryptosystem, public key infrastructure (PKI) ... what is it all about?
- Certificates, CA, PKI ... what is it good for?
- How do we use them to ensure message/data
  - Integrity?
  - Confidentiality?
  - Authenticity?

6 Technology – Broad View: Public key cryptosystems

- Pair of (different but "corresponding") keys
- Both may be used for encryption/decryption
- Encrypt with one, decrypt (only!) with the other
- The basic "trick": one is kept secret (private key), one made available to others (public key) -> ensure integrity and confidentiality
- Let others encrypt message sent to you with your public key, decrypt message (only!) with own private key: ensures confidentiality
- Encrypt "fingerprint of message" with own private key, let others decrypt (only!) with your public key: ensures integrity

[Figure: the signer (sender, author, ...) holds (sK, pK). Document X is passed through the hash function to give the hash value Y, H(X) = Y; asymmetric encryption of Y with sK gives Z, F(Y, sK) = Z, the digital signature (DigSig). The signed document is X together with DigSig.]

sK: Secret (Private) Key, pK: Public Key, Dig Sig: Digital Signature

7 Technology – Broad View: Certificates, Certification Authorities

- Authenticity: how to make sure that the "person behind a public key" is the person who she/he claims to be?
- Idea: ask him/her to show his/her identity card!
- Certificate is a "digital identity card"
- A trustworthy third party signs the relation of a public key and name, organisation, e-mail address etc.

[Figure: X.509v3 certificate (subject). Fields: Version, Serial number, CA ID, Validity period, Certificate owner ID, Optional extensions, Owner pK, Signature algorithm, Signature. Signature Algorithm = (Hash Function ID, Cipher ID), e.g. SHA-1 and RSA. The CA / Trust Center, holding (sK, pK), applies the hash function to the certificate fields and asymmetrically encrypts the hash value to produce the signature.]

sK: Secret (Private) Key, pK: Public Key, ID: Identifier, CA: Certification Authority, SHA: Secure Hash Algorithm, RSA: Rivest Shamir Adleman

8 Technology – Broad View: Public Key Infrastructure - PKI

- PKI: infrastructure for administration of certificates (issue, revoke, distribute, ...)
- PKI is a hierarchical structure, a hierarchy of certification authorities
- Root-CA, Sub-CA on multiple levels
  - Root certificate issued by Root
  - Certificate for Sub-CA issued by Root
  - Certificate for Alice issued by Sub-CA

sK: Secret (Private) Key, pK: Public Key, ID: Identifier, CA: Certification Authority
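
The signing step from slide 6 (Y = H(X), Z = F(Y, sK)) and the Root-CA -> Sub-CA -> Alice hierarchy from slide 8, as an added example that is not part of the original presentation. It uses textbook RSA over small Mersenne primes with no padding as a teaching stand-in for a real signature scheme; the function names, the dict-based certificate and the sample hierarchy are constructed here, and validity periods and revocation are not modelled.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def keypair(a, b):
    """Toy RSA pair (sK, pK) built from the Mersenne primes 2**a-1 and 2**b-1."""
    p, q = 2**a - 1, 2**b - 1
    n = p * q
    return (pow(E, -1, (p - 1) * (q - 1)), n), (E, n)

def H(x, n):
    """Y = H(X): SHA-256 fingerprint, reduced mod n to fit the toy key size."""
    return int.from_bytes(hashlib.sha256(x).digest(), "big") % n

def sign(x, sK):
    """Z = F(Y, sK): transform the fingerprint with the private key."""
    d, n = sK
    return pow(H(x, n), d, n)

def verify(x, z, pK):
    """Recover Y from Z with the public key and compare with a fresh H(X)."""
    e, n = pK
    return pow(z, e, n) == H(x, n)

def tbs(cert):
    """Bytes the CA signs: certificate owner ID, CA ID and owner pK."""
    return f'{cert["subject"]}|{cert["issuer"]}|{cert["pK"]}'.encode()

def issue(subject, subject_pK, issuer, issuer_sK):
    cert = {"subject": subject, "issuer": issuer, "pK": subject_pK}
    cert["sig"] = sign(tbs(cert), issuer_sK)
    return cert

def verify_chain(chain, trusted_root_pK):
    """chain is leaf first, root last; the root key comes from the verifier's own trust store."""
    for cert, ca in zip(chain, chain[1:]):
        if cert["issuer"] != ca["subject"] or not verify(tbs(cert), cert["sig"], ca["pK"]):
            return False
    root = chain[-1]
    return root["pK"] == trusted_root_pK and verify(tbs(root), root["sig"], trusted_root_pK)

# Constructed sample hierarchy: Root-CA -> Sub-CA -> Alice
root_sK, root_pK = keypair(61, 89)
sub_sK, sub_pK = keypair(89, 107)
alice_sK, alice_pK = keypair(107, 127)
root_cert = issue("Root-CA", root_pK, "Root-CA", root_sK)   # self-signed root certificate
sub_cert = issue("Sub-CA", sub_pK, "Root-CA", root_sK)      # issued by Root
alice_cert = issue("Alice", alice_pK, "Sub-CA", sub_sK)     # issued by Sub-CA
CHAIN = [alice_cert, sub_cert, root_cert]
```

`verify_chain` compares the root certificate's key with the copy the verifier already holds, so a chain that ends in an unknown self-signed root is rejected even though every signature inside it checks out.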

